Managing Server SSL profile with iRule

So, here's the configuration: I have SSL client and server profiles enabled. A new sub-app is being introduced and they owners don't want to require SSL for this portion of the site.

 

 

I attempted adapt the following iRule to manage the SSL profile selection based on HTTP::path/pool selection, but nothing I could think of trying worked.

 

 

Any one have any pearls of wisdom to share with me? Be gentle. This is my most elaborate iRule to date and the first one I haven't been able to puzzle through on my own.

 

 

 

 

foris.extranet.sonyericsson.com

 

when SERVER_CONNECTED {

 

if { [string tolower [HTTP::path]] starts_with "/dotnet" } {

 

SSL::disable

 

} else {

 

SSL::profile foris_server

 

}

 

}

 

 

when HTTP_REQUEST {

 

SSL::renegotiate

 

HTTP::header replace "X-origin-IP" [IP::client_addr]

 

HTTP::header replace "X-ORIGINAL-PROTOCOL" "HTTPS"

 

switch -glob [string tolower [HTTP::host] ]

 

{

 

"dotnetforis.extranet.sonyericsson.com*"

 

{

 

HTTP::header replace "host" "foris.extranet.sonyericsson.com"

 

switch -glob [string tolower [HTTP::path]]

 

{

 

"/dotnet*" { pool foris-dotnet-http }

 

"/shopcatalog*"{ pool foris_b2b_seld_https }

 

"/b2b_semc*" { pool foris_b2b_seld_https }

 

"/b2bshop*" { pool foris_b2b_seld_https }

 

"/isaimages*"

 

{

 

HTTP::uri "/b2b_semc2[HTTP::uri]"

 

pool foris_b2b_seld_https

 

}

 

default { pool foris_root_seld_https }

 

}

 

}

 

default { drop }

 

}

 

}

 

 

 

Regards,

 

 

-=JW=-