For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Landono's avatar
Landono
Icon for Nimbostratus rankNimbostratus
Sep 04, 2014

SSL Serverside Not Being Disabled Correctly

Currently we have an iRule that selects the pool based on the URL path. Some pools accept SSL while others do not. In the IF statement (which is in the HTTP_REQUEST event block), if the traffic is fo...
application delivery
deployment
devops
iRules
LTM
ssl
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Sep 04, 2014

You should absolutely be able to use SSL::disable serverside in the HTTP_REQUEST event. You may alternatively want to adjust how you're filtering on the URIs, and/or investigate if these URIs are consistent.

when CLIENT_ACCEPTED {
    set default_pool [LB::server pool]
}
when HTTP_REQUEST {
    HTTP::header insert "X-Forwarded-Proto" "https"

    if { [string tolower [HTTP::uri]] starts_with "/foo" } {
        pool pool_foo_https
    } elseif { [string tolower [HTTP::uri]] starts_with "/bar" } {
        pool pool_bar_http
        SSL::disable serverside
    } else {
        pool $default_pool
        SSL::disable serverside
    }
}