Forum Discussion

Jim_Araujo_1061's avatar
Jim_Araujo_1061
Icon for Nimbostratus rankNimbostratus
Dec 09, 2013

iRule to choose SSL serverside Profile to use based on HTTP_REQUEST

Hi Folks,   I want to think this is possible. I am trying to based on the HTTP_REQUEST and host header, select the serverside connections SSL profile. For example,   If host header is abc.example...
application delivery
design
devops
iRules
security
ssl
ssl profile
Jim_Araujo_1061's avatar
Jim_Araujo_1061
Icon for Nimbostratus rankNimbostratus
Dec 09, 2013

Figured it out! Had to add a variable in the HTTP_REQUEST and add the event for SERVER_CONNECTED. See code below.

 

Hi Folks,

 

I want to think this is possible. I am trying to based on the HTTP_REQUEST and host header, select the serverside connections SSL profile. For example,

 

If host header is abc.example.com I want the serverside SSL profile to be the default serverssl. But if the host header is xyz.example.com then I want the serverside SSL profile to be serverssl-insecure-compatible. Teh client side connection works fine, and I am also using a wildcard cert for example.com

 

I've seen a lot of posts on enabling or disabling ssl serverprofiles, but not about selecting which profile to use.

 

here is my code thus far.

 

when HTTP_REQUEST {
    HTTP::header remove "Accept-Encoding"   

    switch [string tolower [HTTP::host]] {
        "abc.example.com" {
           Server ssl profile select goes here
            pool abc_pool_https
        }
        "xyz.example.com" { 
            set doSSL 1
        pool xyz_pool

    }
}
when SERVER_CONNECTED {
     if { $doSSL == 1 }{
       SSL::enable serverside
       SSL::profile serverssl-insecure-compatible
     }.

}