SSL::enable question

Robert_47833 · ‎14-May-2012

There is a VIP

ssl client profile is used but no ssl server profile

can I use SSL::enable in irule to enable ssl for some specific purpose

?

thanks in advance

Michael_Yates · ‎15-May-2012

Hi Jucao,

Yes. You can do that.

Just create a qualifying iRule event and enable SSL for it.

Example:


when SERVER_CONNECTED {
        if { ([string tolower [LB::server pool]] eq secure.server.pool ) } {
                SSL::enable serverside
        }

Hope this helps.

Robert_47833 · ‎15-May-2012

can I use this in event HTTP::request?

there is no ssl profile in server side

Michael_Yates · ‎18-May-2012

Hi Jucao,

You can just make a few modifications to your Virtual Server and iRule logic and it would work.

1. Apply the desired SSL Profile to the Virtual Server.

2. Change your iRule logic so that it will DISABLE the Server SSL Profile unless certain criteria are met. So if you only want one URI to use it then you disable it for everything that is not that URI(s).

Like this:

 
when HTTP_REQUEST {
  if { not ([HTTP::uri] starts_with "/mytargeturi/"  ) or not ([HTTP::uri] starts_with "/myothertargeturi"  ) } {
    SSL::disable serverside
  }
}

Hope this helps.

Robert_47833 · ‎21-May-2012

hello,Michael

thanks

so

when SERVER_CONNECTED {

if { ([string tolower [LB::server pool]] eq secure.server.pool ) } {

SSL::enable serverside

}

it doesn't work ,right?

DevCentral

SSL::enable question