Forum Discussion
SSL::profile errors
I need help with this iRule... In some VS, when /images* is invoked, we need to redirect the traffic to another pool and change from HTTP to HTTPS in the backend.
For this purpose I've created this iRule:
when SERVER_CONNECTED {
set sp [LB::server pool]
log local0. "Server pool: $sp"
if { [IP::addr [LB::server addr] equals 10.75.64.175 ]} {
SSL::profile sslmyappimages
SSL::enable serverside
log local0. " Asignando nuevo perfil para pool de myserver.com/images"
}
else
{
log local0. " No se asigno nuevo perfil para pool de myserver.com/images"
}
}
It doesn't work, and the logs in /var/logs/ltm goes like this:
Apr 6 13:04:00 local/tmm1 err tmm1[5535]: 01220001:3: TCL error: imagesirule - wrong args: should be "SSL::profile " while executing "SSL::profile sslmyappimages"
I don't have a clue why is that happening, I also tried without SSL::enable serverside, and I think I'm following this syntax http://devcentral.f5.com/wiki/defau...nable.html
I've been careful with spaces... simply don't understand...
Thank you!!
- Colin_Walker_12Historic F5 AccountDo you have a serverSSL profile assigned to the virtual? You need to have a default serverSSL profile assigned before you can swap profiles using the SSL::profile command.
- Eric_27859NimbostratusNo, I don't have any default server SSL Profile (only one client SSL profile).
- hooleylistCirrostratusYou can enable any server SSL profile and then use SSL::profile to switch to another one. With that, server SSL will be enabled by default. You can then selectively disable encryption using SSL::disable serverside.
- Colin_Walker_12Historic F5 AccountWhat Aaron said. ;)
- Eric_27859NimbostratusThe second one leads to a cleaner iRule like the following:
- Colin_Walker_12Historic F5 AccountThe only thing I can suggest is the obvious "check the error logs" comment. Both on the server and the LTM, checking for errors is the first thing I'd do. Past that...it's dump time..ooohh fun. ;)
- Eric_27859NimbostratusYep... tail -f /var/log/ltm = your best friend...
- Colin_Walker_12Historic F5 AccountYou have an extra set of square brackets. Try:
when HTTP_REQUEST { if { not ([HTTP::uri] starts_with "/images" ) } { SSL::disable serverside } }
- Colin_Walker_12Historic F5 AccountBasically, it's trying to run "[HTTP::uri] starts_with "/images"" as a command. Which...it's not. ;)
- Eric_27859NimbostratusThank you for helping me!
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com