Forum Discussion

Robert_47833's avatar
Robert_47833
Icon for Altostratus rankAltostratus
May 15, 2012

SSL::enable question

There is a VIP

 

ssl client profile is used but no ssl server profile

 

can I use SSL::enable in irule to enable ssl for some specific purpose

 

?

 

 

thanks in advance

 

4 Replies

  • Hi Jucao,

    Yes. You can do that.

    Just create a qualifying iRule event and enable SSL for it.

    Example:

    
    when SERVER_CONNECTED {
            if { ([string tolower [LB::server pool]] eq secure.server.pool ) } {
                    SSL::enable serverside
            }
    

    Hope this helps.
  • can I use this in event HTTP::request?

     

    there is no ssl profile in server side
  • Hi Jucao,

    You can just make a few modifications to your Virtual Server and iRule logic and it would work.

    1. Apply the desired SSL Profile to the Virtual Server.

    2. Change your iRule logic so that it will DISABLE the Server SSL Profile unless certain criteria are met. So if you only want one URI to use it then you disable it for everything that is not that URI(s).

    Like this:

     
    when HTTP_REQUEST {
      if { not ([HTTP::uri] starts_with "/mytargeturi/"  ) or not ([HTTP::uri] starts_with "/myothertargeturi"  ) } {
        SSL::disable serverside
      }
    }
    

    Hope this helps.
  • hello,Michael

     

    thanks

     

     

    so

     

    when SERVER_CONNECTED {

     

    if { ([string tolower [LB::server pool]] eq secure.server.pool ) } {

     

    SSL::enable serverside

     

    }

     

    it doesn't work ,right?