For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Esa_H_192976's avatar
Esa_H_192976
Icon for Nimbostratus rankNimbostratus
Sep 02, 2015

Re-routing with SSL problem

Hi there

 

I'm a newbie with LTM and have been struggling with following some time now, with no success...

 

I have two servers in a pool with load balancing and SSL decryption at LTM. Everything is working just fine but what I would like to do is the following...

 

I'd like to add another node(s) to where I'd like the end users to be rerouted by link on a main site (or string returning to their browser). I have a VIP and virtual server that decrypts SSL and forwards it to actual application servers. I have managed to get re-route work with just HTTP but I'd like to re-route traffic encrypted from browser to LTM.

 

Please advice

 

application delivery
availability
devops
iApps
iRules
security

4 Replies

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Sep 07, 2015

    perhaps i don't understand your question fully. but this sounds like a simple second pool to which traffic is send when the client goes to a specific URI.

     

    so for example

     

    https://domain.com/ --> pool1 https://domain.com/special --> pool2

     

    for that you can use iRule or local traffic policy.

     

    is that what you want?

     

  • Esa_H_192976's avatar
    Esa_H_192976
    Icon for Nimbostratus rankNimbostratus
    Sep 08, 2015

    Hi and thanks for the help... Indeed, that is what I really would like to have, but somehow I just can't get it to work.

    the example:

    Pool 1 contains server1, Pool 2 contains server 2...

    and...

    • if a reply from server contains e.g. username "Homer" ---> should go to pool4

    I have this kind of an iRule... (copied from Devcentral)

        when HTTP_REQUEST { 
    log local0. "request received" 
       if { [string tolower [HTTP::uri]] starts_with "Tequila" } { 
       log local0. "request for service received. Selecting end server" 
          pool Pool2     }
     elseif  { [string tolower [HTTP::uri]] starts_with "Whiskey" } { 
       log local0. "request for service received. Selecting end server" 
        pool Pool3


 }
 else { pool Pool1
         log local0. "Condition not matched. to Pool 1..."
 } 
} 
when SERVER_CONNECTED { 
log local0. "Connection from [IP::client_addr]:[TCP::client_port] to 2. server: [IP::server_addr]:[TCP::server_port] established."
}

    Somehow it just not work properly the connection is taken to wrong server of not at all

    Esa

    • boneyard's avatar
      boneyard
      Icon for MVP rankMVP
      Sep 08, 2015
      well the combination string to lower with a comparison that contains a Uppercase letter wont work of course. start with changing that, i.e. : if { [string tolower [HTTP::uri]] starts_with "tequila" } {
  • Esa_H_192976's avatar
    Esa_H_192976
    Icon for Nimbostratus rankNimbostratus
    Sep 10, 2015

    Hi again... thanks... I got a little futher with an issue. I will return with some new issues later.