Forum Discussion
NimbostratusiRule to selectively perform server side encryption based on URL and/or URI
I am currently running SSL offloading on my BIGIP. I was wondering if it would be possible to do server side encryption only for a specific URL and/or URI using an iRule? If so, does anyone have any examples they could share?
I don't want to do SSL bridging for all my traffic just for a single exception URL and/or URI
Thanks,
Kevin
5 Replies
Yann_DesmarestCirrus
Hi,
You have to put a Serverssl profile first on your Virtual Server and then put a similar irule in place :
when HTTP_REQUEST { if { !([HTTP::uri] contains "/myexception/uri") } { SSL::disable serverside } }
Vijay_ECLASS_URI is the datagroup that contains the list of URI for which you need server-side SSL encryption. I am using "NOT" logic to disable server-side SSL encryption.
Try this (untested):
when HTTP_REQUEST { if { not ([class match [HTTP::uri] eq CLASS_URI]) } { SSL::disable serverside } }- Yann_Desmarest
Hi,
You are right, please find below an example :
when HTTP_REQUEST { if { !([HTTP::uri] contains "/myexception/uri") } { SSL::disable serverside } else { pool my_ssl_pool } } - bizooga
How about this?
when HTTP_REQUEST { if { !([HTTP::uri] contains "/myexception/uri") } { SSL::enable serverside pool my_ssl_pool } else { pool non_ssl_pool SSL: disable serverside } } - Yann_Desmarest
Hi,
In that case, just remove the "!" in the if condition :
when HTTP_REQUEST { if { [HTTP::uri] contains "/myexception/uri" } { SSL::enable serverside pool my_ssl_pool } else { SSL:disable serverside pool non_ssl_pool } }
