Forum Discussion
mshoaib
Cirrus
CirrusServer SSL Profile - how to use selectively
Hi there, I have a situation and wonder to check here if one came across the same. I have a VIP listening on https with SSL Client profile configured with a valid SSL Certificate. This VI...
Sachin-Garg
Altostratus
AltostratusHi Muhammad,
Can you please share the details of your iRule and VIP
There are 2 ways you can try accomplish this
Method 1 - Using iRule
You need to add a default ssl server profile or the required Server side SSL profile to your VIP. Then updatemy your irule to initially disable the server side ssl for all sites and then renable it on the website where you needed it on.
- when CLIENT_ACCEPTED {
- SSL::disable serverside
- }
- when HTTP_REQUEST {
- switch [string tolower [HTTP::host]] {
- site1.website.com { pool site1.website.com_pool }
- site2.website.com { pool site2.website.com_pool }
- SSLsite3.website.com {
- SSL::enable serverside
- pool SSLsite3.website.com_pool
- }
- site4.website.com { pool site4.website.com_pool }
- default { reject }
- }
- }
Method 2 - You can do easier since version 11.5 (feature is available in 11.4 but not working...) with Local traffic policies.
Rule 1:
- Condition :
- HTTP-host host site1.website.com
- action :
- forward pool site1.website.com_pool
- serverssl disable
Rule 2:
- Condition :
- HTTP-host host site2.website.com
- action :
- forward pool site2.website.com_pool
- serverssl disable
Rule 3 (SSL Site):
- Condition :
- HTTP-host host site3.website.com
- action :
- forward pool site3.website.com_pool
