Forum Discussion
Octavia_45884
Nimbostratus
Sep 11, 2009
Pool redirect for VIP on port 443
I am looking to create an iRule that allows https traffic to a particular virtual server to be redirected to a specific pool based on the URI.
I know that the pool redirect works based on some tests; however, I am having issues because the port must be 443 and my http profile does not accept anything except port 80.
When I try to test the rule by connecting to the VIP, I do not even get to the iRule because of the profile.
I have been working on this for a week now and I have tried to avoid asking for help; however, I am stumped!
Please help?
Here are the rules I've tried...
RULE 1 (Being that it would not accept port 443, I thought that I could explicitly tell it to look for https traffic. This did not work.)
when HTTP_REQUEST {
    if {(( [HTTP::uri] starts_with "/nwpperf") and ([TCP::local_port] == 443)) } {
        pool tam61fmtam-pool
    } else {
        pool fmtam_pool
    }
}
RULE 2 (So, I got rid of the TCP::local_port and just tried to do the pool redirect. That didn't work either because it never even hit the iRule. When I used port 80 as the listening port, it redirected; however, the backend nodes have SSL certificates and require https.)
when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/nwpperf" } {
        pool tam61fmtam-pool
    } else {
        pool fmtam_pool
    }
}
Any help would be GREATLY appreciated!!
Thanks!
- hoolio
Cirrostratus
If you're applying an HTTP-based iRule to a virtual server which receives HTTPS requests, you need to apply a client SSL profile to the virtual server to decrypt the SSL. It shouldn't matter which port the VS is defined for using the HTTP profile.
- Octavia_45884
Nimbostratus
Thank you!! It seems as if I was doing everything except that. I had to use client_ssl as well as server_ssl in order to get it to work. Also, it worked on my original rule with the local_port==443.
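
The setup the thread arrives at, written out in tmsh configuration syntax as an added example (it was not posted by either participant). The pool names and the URI prefix come from the thread; the virtual server name, the rule name, the 192.0.2.10 address and the use of the built-in clientssl and serverssl profiles are assumptions standing in for the poster's own objects.

```tcl
# Added example: hypothetical object names, documentation-range address.
ltm rule uri_pool_select {
    when HTTP_REQUEST {
        # Fires only after the client SSL profile has decrypted the request.
        if { [HTTP::uri] starts_with "/nwpperf" } {
            pool tam61fmtam-pool
        } else {
            pool fmtam_pool
        }
    }
}

ltm virtual vs_https_example {
    destination 192.0.2.10:443
    ip-protocol tcp
    pool fmtam_pool
    profiles {
        tcp { }
        # HTTP profile parses the decrypted stream so HTTP_REQUEST can fire.
        http { }
        # Client side: terminates TLS from the browser.
        clientssl {
            context clientside
        }
        # Server side: re-encrypts toward the pool members that require https.
        serverssl {
            context serverside
        }
    }
    rules {
        uri_pool_select
    }
}
```

Without the client-side profile the HTTP profile sees only TLS records, which is why the rule was never reached; without the server-side profile the request would leave the BIG-IP in clear text toward nodes that expect https.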