Forum Discussion

Shazee's avatar
Shazee
Icon for Altocumulus rankAltocumulus
Aug 17, 2021

Use different Client SSL profile for https traffic with same domain and different URI.

I have configured a virtual server to accept HTTPS from the public network. Perform a TLS MA on HTTPS traffic, then does a host header rewrite and assigns it to a pool. Example: https://myorg.com/v...
application delivery
cloud
iRules
LTM
Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
Aug 17, 2021

Hi , 

try this iRule, I think it should work. 

when SERVER_CONNECTED {
    if { [HTTP::uri] starts_with "/abc" } {
        SSL::profile serverssl_profile1
    } elseif { [HTTP::uri] starts_with "/xyz" } {
        SSL::profile serverssl_profile2
    } elseif { [HTTP::uri] starts_with "/lalala" } {
        SSL::profile serverssl_profile3
    } else {
        # default
        # SSL::disable
    }
    
}

KR

Daniel

  • Daniel_Wolf's avatar
    Daniel_Wolf
    Icon for MVP rankMVP
    Aug 17, 2021

    Sorry, please ignore my above response. I misunderstood your requirement, I understood it like mTLS on the serverside.

     

    I think your requirement cannot be satisfied. First TLS handshake happens, then HTTP URI is inspected. I would not know how to turn this process around.