iRule to choose SSL serverside Profile to use based on HTTP_REQUEST

Figured it out! Had to add a variable in the HTTP_REQUEST and add the event for SERVER_CONNECTED. See code below.

Hi Folks,

I want to think this is possible. I am trying to based on the HTTP_REQUEST and host header, select the serverside connections SSL profile. For example,

If host header is abc.example.com I want the serverside SSL profile to be the default serverssl. But if the host header is xyz.example.com then I want the serverside SSL profile to be serverssl-insecure-compatible. Teh client side connection works fine, and I am also using a wildcard cert for example.com

I've seen a lot of posts on enabling or disabling ssl serverprofiles, but not about selecting which profile to use.

here is my code thus far.

when HTTP_REQUEST {
    HTTP::header remove "Accept-Encoding"   

    switch [string tolower [HTTP::host]] {
        "abc.example.com" {
           Server ssl profile select goes here
            pool abc_pool_https
        }
        "xyz.example.com" { 
            set doSSL 1
        pool xyz_pool

    }
}
when SERVER_CONNECTED {
     if { $doSSL == 1 }{
       SSL::enable serverside
       SSL::profile serverssl-insecure-compatible
     }.

}

can you do the same thing on the client side ?

can you do the same thing on the client side ?

isn't sni usable?

sol13452: Configuring a virtual server to serve multiple HTTPS sites using TLS Server Name Indication feature

http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13452.html

This is older but I wanted to ad my notes/comments because I just ran into this. Hope this helps someone out in the future.

I added a default ssl server profile to my VIP. Then updated my primary irule to initially disable the server side ssl for all sites and then renable it on the website that I needed it on.

when CLIENT_ACCEPTED {
SSL::disable serverside
}

when HTTP_REQUEST {
switch [string tolower [HTTP::host]] {
  site1.website.com { pool site1.website.com_pool }
  site2.website.com { pool site2.website.com_pool }
  SSLsite3.website.com { 
   SSL::enable serverside
   pool SSLsite3.website.com_pool 
   }
  site4.website.com { pool site4.website.com_pool }
 default { reject }
}
}

Hi,

You can do easier since version 11.5 (feature is available in 11.4 but not working...) with Local traffic policies.

Rule 1:

• Condition :
  • HTTP-host host site1.website.com
• action :
  • forward pool site1.website.com_pool
  • serverssl disable

Rule 2:

• Condition :
  • HTTP-host host site2.website.com
• action :
  • forward pool site2.website.com_pool
  • serverssl disable

Rule 3 (SSL Site):

• Condition :
  • HTTP-host host site3.website.com
• action :
  • forward pool site3.website.com_pool

thank you.... this post helped me.