Forum Discussion

maher_69299's avatar
Icon for Nimbostratus rankNimbostratus
Mar 18, 2011

Not Caching HTTPS traffic

When we take our web servers for maintenance we would like to post a Sorry message for our customers. Currently we do this successfully with HTTP traffic. How can we do it with HTTPS traffic?. Here is the iRule configuration that works for the HTTP traffic







switch [string tolower [HTTP::path]]








HTTP::respond 503 content [lindex $::downsite_html 0] "Content-Type" "text/html" "Retry-After" "3600" "Pragma" "no-cache" "Cache-Control" "no-cache" "Expires" "-1"








7 Replies

  • More explination, the reason we are doing this is because Akami caches our "Sorry" site and it takes many hour before the cache clears. What we did with HTTP is basically to tell Akami not to cache the page so that we we bring our web servers then users can access them instantly. We are looking for a similar iRule that will acheive similar results when users type
  • The same rule should work for HTTPS Traffic (Provided you are decrypting the traffic).


  • The IRule should work for https VS. If not, I would put in the some logging to see what kind of error it's throwing.
  • I am curious how you tested this on your HTTPS side to determine that it doesn't work.



    With Akami being thrown in front it complicates the matter quickly considering all of the different ways it can cache your traffic.



    My suggestion would be to test this again, but go directly to the Virtual Server (bypass Akami) and test the functionality. If your application is URL Dependent you could use a Hosts File Entry.
  • The guys are right, should work.. Are you hosting the cert on the LTM? You will need to decrypt the SSL in order to use the iRule logic.. you will also need to re-encrypt if the server is expecting SSL.. server side and client side SSL profiles....
  • Colin_Walker_12's avatar
    Historic F5 Account
    As a couple of posters have mentioned already: If you aren't decrypting SSL on the LTM there's no way this iRule will ever fire. If you are, then this should work just fine. Verify that you're decrypting SSL on the LTM, that the iRule is applied to the appropriate VIP, and if you're still having problems let us know.