cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

SSL::enable question

Robert_47833
Altostratus
Altostratus
There is a VIP

 

ssl client profile is used but no ssl server profile

 

can I use SSL::enable in irule to enable ssl for some specific purpose

 

?

 

 

thanks in advance

 

4 REPLIES 4

Michael_Yates
Nimbostratus
Nimbostratus
Hi Jucao,

 

 

Yes. You can do that.

 

 

Just create a qualifying iRule event and enable SSL for it.

 

 

Example:

 

when SERVER_CONNECTED { if { ([string tolower [LB::server pool]] eq secure.server.pool ) } { SSL::enable serverside }

 

 

Hope this helps.

Robert_47833
Altostratus
Altostratus
can I use this in event HTTP::request?

 

there is no ssl profile in server side

Michael_Yates
Nimbostratus
Nimbostratus
Hi Jucao,

 

 

You can just make a few modifications to your Virtual Server and iRule logic and it would work.

 

 

1. Apply the desired SSL Profile to the Virtual Server.

 

2. Change your iRule logic so that it will DISABLE the Server SSL Profile unless certain criteria are met. So if you only want one URI to use it then you disable it for everything that is not that URI(s).

 

 

Like this:

 

when HTTP_REQUEST { if { not ([HTTP::uri] starts_with "/mytargeturi/" ) or not ([HTTP::uri] starts_with "/myothertargeturi" ) } { SSL::disable serverside } }

 

 

Hope this helps.

Robert_47833
Altostratus
Altostratus
hello,Michael

 

thanks

 

 

so

 

when SERVER_CONNECTED {

 

if { ([string tolower [LB::server pool]] eq secure.server.pool ) } {

 

SSL::enable serverside

 

}

 

it doesn't work ,right?