
Jinshu
Oct 21, 2015

Is it possible to write an iRule for SSL exception based on IP address?

Hello,

Is it possible to write an iRule to except the traffic from a specific source address, so that it passes without SSL?

I have a VIP configured with SSL offloading and HTTP to HTTPS redirection. It seems I need to except some IP addresses from HTTP redirection and SSL offloading. Is it possible?

Example: the VIP URL is https://remote.myvip.com. It is configured with HTTP to HTTPS redirection. But the IP address 10.55.22.22 wants to access the URL only on port 80. Is it possible without configuring an additional VIP?

-Jinshu


3 Replies

  • Something like this?

    when HTTP_REQUEST {
        if { [IP::addr [IP::client_addr] ne 10.55.22.22] } {
            HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
        } else {
            pool http_pool
        }
    }
    

    Add this to the virtual server listening on port 80 and replace http_pool with the name of the pool you want to use.

    /Patrik

  • Can I use the iRule below to disable HTTP to HTTPS redirection for the VIP on port 80?

    when HTTP_REQUEST {
        if { [IP::addr [IP::client_addr] eq 10.55.22.22] } {
            # do nothing
            return
        } else {
            HTTP::redirect https://[HTTP::host][HTTP::uri]
        }
    }
    

    -Jinshu

  • Question 1:

    Yes, by doing something like this:

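    when HTTP_REQUEST {
        # "and", not "or": with "or" the test is true for every client,
        # so the exempt addresses would be redirected as well.
        if { [IP::addr [IP::client_addr] ne 10.55.22.22] and [IP::addr [IP::client_addr] ne 10.55.22.23] } {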
            HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
        } else {
            pool http_pool
        }
    }
    

    Note that data group lists are recommended if the list of IPs grows longer.

    Question 2:

    Yes.

    /Patrik
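
The data group approach recommended in the last reply, as an added example that is not part of the original thread. The data group name `http_exempt_clients` is hypothetical and is assumed to be an address-type data group created beforehand; `http_pool` is the placeholder pool name from the replies above.

```tcl
# Added example, not code from the thread.
# Assumptions: an address-type data group named http_exempt_clients
# (hypothetical name) holds the exempt sources, e.g. 10.55.22.22 and
# 10.55.22.23, and http_pool is the pool that serves plain HTTP.
# Attach this to the virtual server listening on port 80.
when HTTP_REQUEST {
    if { [class match [IP::client_addr] equals http_exempt_clients] } {
        # Exempt source: no redirect, the request stays on port 80
        # and is sent to the pool unencrypted.
        pool http_pool
    } else {
        # Every other client: drop any :port suffix from the Host
        # header and redirect to the HTTPS virtual server.
        HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
    }
}
```

The match is made on the source address as BIG-IP sees it, so every client behind the same NAT or proxy address shares the exemption and its traffic to the VIP stays unencrypted. Adding or removing an exempt address then means editing the data group, not the iRule.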