Forum Discussion
samigo_81875
Nimbostratus
Sep 04, 2013
Mixed SSL/NON-SSL pools
Hello,
I have mixed SSL and NON-SSL pools. I want to have both ClientSSL decryption ending on the LTM and then re-encrypting from the LTM to the backend pool member which has SSL enabled. I'm not able to get this working using the below:
when HTTP_REQUEST {
    SSL::disable serverside
    switch -glob [string tolower [HTTP::uri]] {
        "/non-ssl_" {
            use pool HTTP-pool
        }
        "/ssl_" {
            SSL::enable serverside
            use pool HTTPS-pool
        }
    }
}
Appreciate any help.
thanks!
6 Replies
- What_Lies_Bene1
Cirrostratus
What are you seeing? How are you testing this?
- samigo_81875
Nimbostratus
Hello, I get a connection reset.
- samigo_81875
Nimbostratus
Also, how can I enable some logging to trace this SSL handshake to see what it is failing at? I'm testing it as below: https://www.myserver.com/non_ssl* and https://www.myserver.com/ssl*
- Mike_Maher
Nimbostratus
To do tracing on SSL, just take a tcpdump of the traffic and then use ssldump to decrypt the traffic and look at where the handshake is failing. http://support.f5.com/kb/en-us/solutions/public/10000/200/sol10209.html
- Kevin_Stewart
Employee
Your iRule is using a -glob switch but you have no glob conditions, so the URIs would have to exactly match. Otherwise the iRule should work. Here's a minor modification:
when HTTP_REQUEST {
    switch -glob [string tolower [HTTP::uri]] {
        "/non-ssl*" {
            SSL::disable serverside
            pool HTTP-pool
        }
        "/ssl*" {
            pool HTTPS-pool
        }
    }
}
- samigo_81875
Nimbostratus
Thanks. I will check and let you know.
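One way to get the per-request logging asked about in the thread, as an added example that is not code from any of the posters: the glob patterns from Kevin_Stewart's reply with a log line per branch, a default branch, and server-side connection events. The pool names are the thread's; the default branch, the explicit SSL::enable, and all log messages are assumptions made for illustration.

```tcl
# Added example (not from the thread). Assumes the virtual server has both
# a Client SSL and a Server SSL profile attached, as the thread describes.
when HTTP_REQUEST {
    set uri [string tolower [HTTP::uri]]
    switch -glob $uri {
        "/non-ssl*" {
            # Plain-HTTP members: do not start TLS on the server side.
            SSL::disable serverside
            pool HTTP-pool
            log local0. "[IP::client_addr] $uri -> HTTP-pool, server-side SSL disabled"
        }
        "/ssl*" {
            # TLS members: re-encrypt using the Server SSL profile.
            SSL::enable serverside
            pool HTTPS-pool
            log local0. "[IP::client_addr] $uri -> HTTPS-pool, server-side SSL enabled"
        }
        default {
            # Shows requests that match neither pattern, for example a URI
            # written with "_" where the pattern has "-".
            log local0. "[IP::client_addr] $uri matched no pattern, virtual server defaults apply"
        }
    }
}

when SERVER_CONNECTED {
    # TCP connection to the selected pool member is established.
    log local0. "server-side TCP connected to [IP::server_addr]:[TCP::server_port]"
}

when SERVERSSL_HANDSHAKE {
    # Fires only when the server-side TLS handshake completes.
    log local0. "server-side handshake completed: [SSL::cipher name] [SSL::cipher version]"
}
```

The `log local0.` messages are written to /var/log/ltm. A request that logs the HTTPS-pool branch and SERVER_CONNECTED but never SERVERSSL_HANDSHAKE points at the server-side handshake, which is where the tcpdump and ssldump capture suggested above is useful.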