bizooga
Jun 07, 2016

iRule to selectively perform server side encryption based on URL and/or URI

I am currently running SSL offloading on my BIG-IP. I was wondering if it would be possible to do server side encryption only for a specific URL and/or URI using an iRule? If so, does anyone have any examples they could share?

I don't want to do SSL bridging for all my traffic just for a single exception URL and/or URI.

Thanks,

Kevin

5 Replies

  • Hi,

    You have to put a Server SSL profile on your Virtual Server first and then put a similar iRule in place:

    when HTTP_REQUEST {
        if { !([HTTP::uri] contains "/myexception/uri") } {
           SSL::disable serverside
        }
    }
    
  • CLASS_URI is the datagroup that contains the list of URI for which you need server-side SSL encryption. I am using "NOT" logic to disable server-side SSL encryption.

    Try this (untested):

    when HTTP_REQUEST {
        if { not ([class match [HTTP::uri] eq CLASS_URI]) } {
            SSL::disable serverside
        }
    }
    
  • Hi,

    You are right, please find an example below:

    when HTTP_REQUEST {
        if { !([HTTP::uri] contains "/myexception/uri") } {
           SSL::disable serverside
        } else {
            pool my_ssl_pool
        }
    }
    
  • How about this?

    when HTTP_REQUEST {
        if { !([HTTP::uri] contains "/myexception/uri") } {
            SSL::enable serverside
            pool my_ssl_pool
        } else {
            pool non_ssl_pool
            SSL::disable serverside
        }
    }
    
  • Hi,

    In that case, just remove the "!" in the if condition:

    when HTTP_REQUEST {
        if { [HTTP::uri] contains "/myexception/uri" } {
            SSL::enable serverside
            pool my_ssl_pool
        } else {
            SSL::disable serverside
            pool non_ssl_pool
        }
    }