For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Paul_Zajicek_73's avatar
Paul_Zajicek_73
Icon for Nimbostratus rankNimbostratus
May 30, 2007

selectively remove https

Hi,   I have an app that uses both client and server side ssl,   but I have to stop the server side ssl for a certain uri (a webservice) but still keep the client side ssl,   I've searched t...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
May 30, 2007
In the HTTP_REQUEST event on the clientside (client to BIG-IP), you can determine if the request is one you want to disable SSL for on the serverside (BIG-IP to node).

Here's an example:


when HTTP_REQUEST {
   set usessl 1
   if { [HTTP::path] starts_with "/clear" } {
      set usessl 0
   }
}
when SERVER_CONNECTED {
   if { $usessl == 0 } {
      SSL::disable
   }
}

Else, I think you could use 'clientside' to force the evaluation of HTTP::path to the clientside context and do this in one event:


when SERVER_CONNECTED {
   log local0. "Requested path: [clientside {HTTP::path}]"
   if { [clientside {HTTP::path}] starts_with "/clear" } {
      SSL::disable
   }
}

If you have multiple URI's to disable encryption for, you might want to define them in a datagroup and then check the requested URI against the datagroup list.

Aaron