SSL VS keep TCP open if pool down

Question

Hello,&nbsp;
&nbsp;At this time, when a pool behind a vs ssl is down, the vs ssl is down. But it is still possible to negociate ssl.&nbsp;
&nbsp;Is it possible to reject ssl negociation (by closing the port) when the pool is down ?&nbsp;
&nbsp;Thanks for your reply,&nbsp;
&nbsp;Regards,&nbsp;
&nbsp;Flo,&nbsp;&nbsp;

hoolio · Answer

Sure.  Here is a more generic version of the Codeshare example:
http://devcentral.f5.com/wiki/default.aspx/iRules/HowToAvoidSSLHandshakeWhenNoPoolMemberAvailable.html
 This event is triggered when a TCP connection is established with the client
when CLIENT_ACCEPTED {
    Check if the default pool of the VIP has no active members
   if {[active_members [LB::server pool]] &lt; 1}{
       Disable the client SSL profile and send a TCP reset to the client
      SSL::disable
      reject
   }
}
Aaron

Forum Discussion

SSL VS keep TCP open if pool down

Recent Discussions

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

FTP PASV mode to Extended Passive mode

Oracle JDBC SSL Termination failing on F5

APM for banner and cert

An Irule for Client Ssl Profile that Allows Unassigned TLS Extension Values (17516)

Related Content

AppWorld 2024 Call For Speakers open

Share Your Expertise at F5 AppWorld 2025! CFP is now open.

F5 XC vk8s workload with Open Source Nginx

Testing the security controls for a notional FDX Open Banking deployment

BIG-IP Next: iRules pool routing

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS