For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

neilclark's avatar
neilclark
Icon for Nimbostratus rankNimbostratus
Feb 23, 2018

iRules to select pools and SSL profiles

Hi Guys,

 

I have a requirement for the following and am wondering if it can be achieved with iRules?

 

I have a VIP configured and at the moment i have an irule that selects a pool to Loadbalance to based on the URI that is in the Http request.

 

The problem i have is one destination needs to have a Server SSL profile applied to send the traffic encrypted to the server, the other destination requires the request to be forwarded unencrypted.

 

So i was wondering if i can add statements to the existing irule that would apply and SSL profile to one destination but not the other.

 

this is the current iRule i have in place ( i have substituted the real info) so to Pool1 i want encrypted, to Pool2 i want unencrypted

 

when HTTP_REQUEST { switch -glob [string tolower [HTTP::uri]] { "/xx/yyyy/" { pool Pool1 } "/AA/BB//CC" { pool Pool2} default { HTTP::respond 404 } } }

 

Any help would be gratefully appreciated.

 

application delivery
BIG-IP
iRules

1 Reply

  • oguzy's avatar
    oguzy
    Icon for Cirrostratus rankCirrostratus
    Feb 23, 2018

    Hi neilclark,

     

    If your virtual server listens port 443 and server ssl profile selected by default, you can try the below code:

     

    when RULE_INIT {
   set ssl_state 1
}
when HTTP_REQUEST {
   switch -glob [string tolower [HTTP::uri]] { 
      "/xx/yyyy/" { 
         pool Pool1
       } 
      "/AA/BB//CC" { 
         pool Pool2 
         $ssl_state 0
      } 
      default { HTTP::respond 404 } 
   } 
}

when SERVER_CONNECTED {
   if { $ssl_state equals 0 } {
      SSL::disable
   }
}

    Also please check iRule Event Order - HTTPS/SSL - Client & Server Side