Forum Discussion
NimbostratusIssue with irule
Dear Experts,
I am facing issue with one irule which I need to create so users from defined IP address should be presented with different certificate and rest users should be presented with default certificate. So for this purpose I created 2 clientssl profile and mentioned in irule. Instead of adding in clientssl profile of VS. The issue I am seeing is LTM is able to identify the ip address but giving the error while attaching the client ssl profile. Below is the irule and ltm logs:
when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals "1.1.1.1"]} { log local0. "IP address:[IP::client_addr]" SSL::profile Test1_SSL } else { log local0. "IP address:[IP::client_addr]" SSL::profile clientssl } }
Error:
Internal info tmm[13056]: Rule /Common/test_ssl_irule : IP address:10.240.24.45 Internal err tmm[13056]: 01220001:3: TCL error: /Common/test_ssl_irule - Operation not supported (line 6) (line 6) invoked from within "SSL::profile clientssl"
Internal info tmm[13056]: Rule /Common/test_ssl_irule : IP address:1.1.1.1 Internal err tmm[13056]: 01220001:3: TCL error: /Common/test_ssl_irule - Operation not supported (line 3) (line 3) invoked from within "SSL::profile Test1_SSL"
Please suggest?
Thanks.
2 Replies
Greg_LabelleDo you have a SSL profile associated to the virtual server in question? You have to have one for the command to work. SSL::disable can be used to turn it off if it is unnecessary.
Samir_Jha_52506Noctilucent
Hi Amit,
Try below iRule. Hope it will work.
when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals "1.1.1.1"]} { log local0. "IP address:[IP::client_addr]" SSL::profile Test1_SSL } else { log local0. "IP address:[IP::client_addr]" SSL::profile clientssl } } when HTTP_REQUEST { SSL::renegotiate }
