For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ryan_Rowe_79249's avatar
Ryan_Rowe_79249
Icon for Nimbostratus rankNimbostratus
Sep 24, 2009

Rule to use different SSL Profile

I need a rule that when someone comes in to point to a different SSL Cert profile (ie. address a,b,c use serverSSL; all others use client SSL)...would that be possible to do in 1 rules or should I cre...
application delivery
dev
devops
iRules
L4L7_53191's avatar
L4L7_53191
Icon for Nimbostratus rankNimbostratus
Sep 24, 2009
Here's an example that may help (from the SSL::enable command on the iRules wiki page): 

 
 when CLIENT_ACCEPTED { 
     if { !([IP::addr [IP::client_addr] eq 10.0.0.0/8]) } { 
       SSL::enable 
       TCP::release 
       set sslenable 0 
    }

The logic above essentially says "if it's a NOT a 10.x address, use SSL." You can easily enable/disable serverside or clientside SSL with the SSL::enable and SSL::disable commands. Have a look at:

http://devcentral.f5.com/wiki/default.aspx/iRules/SSL__enable.html

http://devcentral.f5.com/wiki/default.aspx/iRules/SSL__disable.html

HTH,

Matt