Forum Discussion
Albert__Tase_70
Jun 29, 2011 Nimbostratus
Using iRule to manage and control SSL client profiles
Hello
Is it possible to use an iRule to match based on HTTPS URL: if it matches, say, https://axc.com, assign SSL client profile A, then load balance to a specific pool?
and in same Irule s...
Valentine_96813
Jun 30, 2011 Nimbostratus
Here are two different ways I do it. The first is based in a single VS and iRule doing different redirects to pools. The second is redirecting to another VS. You can use this second method if you wanted to do something like apply client certs as in this example. You'll have to strip out what you don't need, I was OTR when I posted this.
First:
    rule rule_www.abc.com_443 {
        when HTTP_REQUEST {
            if { [string tolower [HTTP::uri]] contains "test" } {
                # Plain HTTP to the back end
                SSL::disable serverside
                pool pool_www.abc.com_80
            } elseif { [string tolower [HTTP::uri]] eq "/" } {
                SSL::disable serverside
                HTTP::redirect "https://www.abc.com/home.aspx"
            } elseif { [string tolower [HTTP::uri]] starts_with "/def" } {
                # Re-encrypt and hand the request to the server-SSL virtual server
                SSL::enable serverside
                pool pool_www.abc.com_doc_443
                snat none
                virtual vs_www.abc.com_443-SERVERSSL
            } elseif { [string tolower [HTTP::uri]] contains "myweb" } {
                SSL::enable serverside
                pool pool_www.abc.com_myweb_443
                snat none
                virtual vs_www.abc.com_443-SERVERSSL
            } elseif { [string tolower [HTTP::uri]] starts_with "/files/" } {
                # Rewrite the URI under /abc/ before sending it to the files pool
                set uri [findstr [HTTP::uri] "/Files/" 10 ]
                HTTP::uri "/abc/$uri"
                log local0. "[HTTP::uri] matched /abc$uri"
                SSL::disable serverside
                pool pool_www.abc.com_files_80
            } else {
                SSL::disable serverside
                pool pool_www.abc.com_80
            }
        }
    }
Second:
    rule rule_alpha.bravo.com_443 {
        when HTTP_REQUEST {
            if { [HTTP::uri] starts_with "/abcd" } {
                # Send these requests to the VS on port 444, which handles client certs
                set exact_name "https://[HTTP::host]:444[HTTP::uri]"
                HTTP::redirect "https://[HTTP::host]:444[HTTP::uri]"
                log local0. "got here $exact_name"
            } elseif { ([HTTP::uri] eq "/")
                or ([HTTP::uri] starts_with "/test.htm")
                or ([HTTP::uri] starts_with "/efg/")
                or ([HTTP::uri] starts_with "/hij/")
                or ([HTTP::uri] starts_with "/klm/")
                or ([HTTP::uri] starts_with "/nop/") } {
                # allow if matches the above otherwise reject per below
            } else {
                reject
            }
        }
    }
    rule rule_alpha.bravo.com_444 {
        when CLIENTSSL_CLIENTCERT {
            HTTP::release
            # Drop the connection if the client presented no certificate
            if { [SSL::cert count] < 1 } {
                reject
            }
        }
    }
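A tightened variant of the second approach, added here as an example and not part of the original post. It matches on `HTTP::path` so the query string cannot affect the allowlist, redirects to a fixed host name instead of echoing the client's `Host` header, and checks the certificate verification result as well as the count. The host name `alpha.bravo.com` (taken from the rule name), the log text, and a port-444 client SSL profile that requests a client certificate are assumptions.

```tcl
# Added example, not the poster's code. Same bigip.conf stanza layout as the post.
rule rule_alpha.bravo.com_443 {
    when HTTP_REQUEST {
        # HTTP::path is the URI without the query string.
        switch -glob -- [HTTP::path] {
            "/abcd*" {
                # Fixed host (assumed from the rule name): a forged Host
                # header cannot steer the redirect somewhere else.
                HTTP::redirect "https://alpha.bravo.com:444[HTTP::uri]"
            }
            "/" -
            "/test.htm*" -
            "/efg/*" -
            "/hij/*" -
            "/klm/*" -
            "/nop/*" {
                # Allowed: handled by the virtual server's default pool.
            }
            default {
                reject
            }
        }
    }
}
rule rule_alpha.bravo.com_444 {
    when CLIENTSSL_CLIENTCERT {
        # No certificate presented at all.
        if { [SSL::cert count] < 1 } {
            reject
            return
        }
        # A certificate was presented; make sure it also verified cleanly.
        set result [SSL::verify_result]
        if { $result != 0 } {
            log local0. "client cert rejected: [X509::verify_cert_error_string $result]"
            reject
        }
    }
}
```

The match is on the raw path: percent-encoded characters and `..` segments are not normalized here.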