Forum Discussion
Harold_Deadman_
Nimbostratus
Nimbostratuswhat is appropriate way to use SSL::disable serverside/ SSL::enable serverside
We have a requirement to encrypt server-side traffic between the F5 and our SSO web application (CAS) because passwords are transmitted. Our F5 VIP has several different applications behind it on seve...
RemcoNimbostratus
NimbostratusHi Aaron,
our irule before the change was:
when HTTP_REQUEST {
switch -glob [HTTP::host][HTTP::uri] {
"xxxx/123*" {
if { [active_members pool-123] > 0 } {
pool pool-123
persist cookie insert 123
} else {
pool pool-sorry
persist none
}
}
"xxxx/456*" {
if { [active_members pool-456] > 0 } {
pool pool-456
persist cookie insert 456
} else {
pool pool-sorry
persist none
}
}
"xxxx/789*" {
if { [active_members pool-789] > 0 } {
pool pool-hij
persist cookie insert 789
} else {
pool pool-sorry
persist none
}
}
default {
persist none
HTTP::respond 302 noserver Location "https://xxxx/123/"
}
}
}
and we had the problems when we changed it like:
when CLIENT_ACCEPTED {
SSL::disable serverside
}
when HTTP_REQUEST {
switch -glob [HTTP::host][HTTP::uri] {
"xxxx/123*" {
if { [active_members pool-123] > 0 } {
pool pool-123
persist cookie insert 123
} else {
pool pool-sorry
persist none
}
}
"xxxx/456*" {
if { [active_members pool-456] > 0 } {
pool pool-456
persist cookie insert 456
} else {
pool pool-sorry
persist none
}
}
"xxxx/789*" {
if { [active_members pool-789] > 0 } {
pool pool-hij
persist cookie insert 789
} else {
pool pool-sorry
persist none
}
}
"xxxx/abc*" {
if { [active_members pool-abc] > 0 } {
SSL::enable serverside
pool pool-abc
persist none
} else {
HTTP::respond 404 noserver
}
}
default {
persist none
HTTP::respond 302 noserver Location "https://xxxx/123/"
}
}
}