Forum Discussion
Chip_Anderson
Nimbostratus
NimbostratusUnable to LoadBalance HTTPS requests
This iRule works fine for us:
use pool sslpool
but this iRule doesn't:
if (http_uri starts_with "/def/servlet") {
use pool ssl-servlets
}
else {
use pool sslpool
}
When the second version is installed in our SSL (port 443) virtual server, all SSL traffic stops flowing (browser hangs) regardless of the URL that is used. When the iRule is changed to the first version, everything works fine. This is with 4.5 PTF03.
I tried to find something like "https_uri" but didn't see it in the docs. Did I miss it?
Any other ideas? Thanks in advance.
- Chip
1 Reply
- I don't see any issue with your iRule. There is no https_uri variable as https is a transport level configuration, not at the HTTP level.
You might try to throw in some logging to see if what you are expecting as input is actually coming in that way.if (http_uri starts_with "/def/servlet") { use pool ssl-servlets log "matched host(" + http_host + "), uri(" + http_uri + ") by client(" + client_addr + ") : using ssl-servlets" } else { use pool sslpool log "didn't match host(" + http_host + "), uri(" + http_uri + ") by client(" + client_addr + ") : using sslpool" }
If this shows that you are falling through to the "use pool sslpool" command and that is hanging, while the single-line iRule with that same command succeeds, then something is wrong and you should report that to F5 Product Technical support.
Most times though, some simple logging will help. The output will be in the "/var/log/bigip" file on the BIG-IP device.
Another question is whether you are terminating the ssl session on the BIG-IP or not. There may be some information that can't be obtained from the encrypted traffic without decrypting it first. You'll need to make sure that the nodes in both pools are either configured to for HTTP (if the BIG-IP is terminating the connection) or HTTPS if it's not.
Again, some simple logging should show any issues.
-Joe
