Forum Discussion
milo
Nimbostratus
NimbostratusThis iRule should be simple
I was asked to create a security policy that forwarded traffic based on specific strings in the URI to a 3rd party server via SSL. After cobbling a few rules together, I came up with something that a...
miloNimbostratus
NimbostratusI was able to resolve the issue by adding an Else statement to forward unsecure traffic to our pool. The pool was already defined in the virtual server config. I'm not sure why it needed to be referenced with an Else statement and now I can't apply it to other virtual servers which use different pools. Any thoughts on how to make this iRule more generic and functional would be appreciated.
when HTTP_REQUEST {
set secure_service 0
if { [HTTP::uri] contains "/abc/s" } {
set secure_req [findstr [HTTP::uri] "abc" 4]
set secure_service 1
}
if { $secure_service eq 1 } {
HTTP::uri /10521/$secure_req
snatpool secure_snat
pool secure
log "The secure request received is $secure_req"
log "The secure URL is [HTTP::uri]"
} else {
pool my.site.com
log "Client connected to default pool - [LB::server] "
log "The securentry URL is [HTTP::uri]"
}
}
when SERVER_CONNECTED {
if { $secure_service == 0 } {
SSL::disable
}
}
when HTTP_RESPONSE {
if { $secure_service == 1 } {
log "HTTP Status is [HTTP::status] from server [IP::remote_addr]"
log "Service is $secure_service"
}
}
