
iRule to selectively perform server side encryption based on URL and/or URI

bizooga
Nimbostratus

I am currently running SSL offloading on my BIGIP. I was wondering if it would be possible to do server side encryption only for a specific URL and/or URI using an iRule? If so, does anyone have any examples they could share?

 

I don't want to do SSL bridging for all my traffic just for a single exception URL and/or URI

 

Thanks,

 

Kevin

 

5 REPLIES

Hi,

 

You have to put a Server SSL profile on your virtual server first and then put a similar iRule in place:

 

when HTTP_REQUEST {
    if { !([HTTP::uri] contains "/myexception/uri") } {
        SSL::disable serverside
    }
}

Vijay_E
Altocumulus

CLASS_URI is the data group that contains the list of URIs for which you need server-side SSL encryption. I am using "NOT" logic to disable server-side SSL encryption.

 

Try this (untested):

 

when HTTP_REQUEST {
    # Disable server-side SSL unless the URI is listed in the data group
    if { not ([class match [HTTP::uri] equals CLASS_URI]) } {
        SSL::disable serverside
    }
}

Hi,

 

You are right, please find an example below:

 

when HTTP_REQUEST {
    if { !([HTTP::uri] contains "/myexception/uri") } {
        SSL::disable serverside
    } else {
        pool my_ssl_pool
    }
}

bizooga
Nimbostratus

How about this?

 

when HTTP_REQUEST {
    if { !([HTTP::uri] contains "/myexception/uri") } {
        SSL::enable serverside
        pool my_ssl_pool
    } else {
        pool non_ssl_pool
        SSL::disable serverside
    }
}

Hi,

 

In that case, just remove the "!" in the if condition:

 

when HTTP_REQUEST {
    if { [HTTP::uri] contains "/myexception/uri" } {
        SSL::enable serverside
        pool my_ssl_pool
    } else {
        SSL::disable serverside
        pool non_ssl_pool
    }
}
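
A variant of the last iRule in the thread, as an added example that is not part of the original posts: it decides on the request path rather than the full URI and reads the path prefixes from a data group. The data group name encrypt_paths_dg is an assumption; the pool names are the placeholders used in the thread.

```tcl
# Added example, not code from the thread.
# Assumptions: a string data group named encrypt_paths_dg holding lowercase
# path prefixes (for example "/myexception/uri"), the pools my_ssl_pool and
# non_ssl_pool, and a Server SSL profile attached to the virtual server.
when HTTP_REQUEST {
    # HTTP::uri includes the query string, so a "contains" test on it also
    # matches when the string only appears in a parameter value.
    # HTTP::path is the path alone. Lowercasing keeps /MyException/URI on
    # the encrypted side when the backend treats paths case-insensitively.
    set path [string tolower [HTTP::path]]

    if { [class match $path starts_with encrypt_paths_dg] } {
        # Path is listed: re-encrypt to the backend.
        SSL::enable serverside
        pool my_ssl_pool
    } else {
        # Everything else stays offloaded.
        # Both branches set the server-side SSL state explicitly so that a
        # later request on the same client connection does not inherit the
        # choice made for an earlier one.
        SSL::disable serverside
        pool non_ssl_pool
    }
}
```

Keeping the prefixes in a data group means the list of encrypted paths can change without editing the iRule itself.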