For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

khope007_214548's avatar
khope007_214548
Icon for Nimbostratus rankNimbostratus
Aug 06, 2015

Unable to match uri pattern in a http's' request

I have the following iRule setup which allows me to request a pool based on uri.

 

when HTTP_REQUEST { Grab destination URI set URI [string tolower [HTTP::uri]] if { [class match $URI starts_with dg_pattern-local] } { pool "POOL_BETA-LOCAL-HTTPS"} else { return }

 

}

 

This iRule works for Virtual Servers using http (port 80) but not when applied to a VS using a https (443)- it still just sends the traffic to the default pool applied to the VS. The http VS uses a client profile.

 

Any help is appreciated.

 

Karl

 

application delivery
devops
iRules
LTM

1 Reply

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Aug 06, 2015

    The trick here is that you have to apply a server SSL profile to the VIP and then remove it for requests that don't need it. So something like this:

    when HTTP_REQUEST { 
    if { [HTTP::uri] starts_with "/site1" } { 
        pool site1-pool
        SSL::disable serverside
    } elseif { [HTTP::uri] starts_with "/site2" } { 
        pool site2-pool 
    }
}

    There are some other examples in the SSL::disable wiki page:

    https://devcentral.f5.com/wiki/iRules.SSL__disable.ashx