Avoid SSL Handshake When Pool is Unavailable
Problem this snippet solves:
If no servers are available in the pool serving an HTTPS Virtual Server, LTM will still perform the SSL handshake with the client (which is expected behaviour, and is required in order to allow LTM to process iRules and/or some HTTP profile options). To instead reject the connection when no pool members are available and avoid the delay incurred for the SSL handshake, you can use the following iRule.
Code:
# This event is triggered when a TCP connection is established with the client
when CLIENT_ACCEPTED {
    # Check if the default pool of the VIP has no active members
    if { [active_members [LB::server pool]] < 1 } {
        # Disable the client SSL profile and send a TCP reset to the client
        SSL::disable
        reject
    }
}
Published Jan 30, 2015
Version 1.0
Angel_Martinez_
Nimbostratus
Joined February 20, 2007
- JRahm (Admin): Contributed by macondo