For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Landono's avatar
Landono
Icon for Nimbostratus rankNimbostratus
Sep 04, 2014

SSL Serverside Not Being Disabled Correctly

Currently we have an iRule that selects the pool based on the URL path. Some pools accept SSL while others do not. In the IF statement (which is in the HTTP_REQUEST event block), if the traffic is fo...
application delivery
deployment
devops
iRules
LTM
ssl
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Sep 04, 2014

Maybe some additional logging is in order:

when CLIENT_ACCEPTED {
    set default_pool [LB::server pool]
    log local0. "default pool is $default_pool"
}
when HTTP_REQUEST {
    log local0. "incoming uri: [HTTP::uri]"
    HTTP::header insert "X-Forwarded-Proto" "https"

    if { [string tolower [HTTP::uri]] starts_with "/foo" } {
        log local0. "sending to foo pool"
        pool pool_foo_https
    } elseif { [string tolower [HTTP::uri]] starts_with "/bar" } {
        log local0. "sending to bar pool"
        pool pool_bar_http
        SSL::disable serverside
    } else {
        log local0. "sending to default pool"
        pool $default_pool
        SSL::disable serverside
    }
}

In this case you may also want to enable OneConnect.