Avoid SSL Handshake When Pool is Unavailable

Problem this snippet solves:

If no servers are available in the pool serving an HTTPS Virtual Server, LTM will still perform the SSL handshake with the client (which is expected behaviour, and is required in order to allow LTM to process iRules and/or some HTTP profile options). To instead reject the connection when no pool members are available and avoid the delay incurred for the SSL handshake, you can use the following iRule.

Code:

# This event is triggered when a TCP connection is established with the client
when CLIENT_ACCEPTED {
   # Check if the default pool of the VIP has no active members
   if {[active_members [LB::server pool]] < 1} {
      # Disable the client SSL profile and send a TCP reset to the client
      SSL::disable
      reject
   }
}

Published Jan 30, 2015
Version 1.0
