Forum Discussion
Richard_Bedford
Mar 28, 2008 Nimbostratus
Hi nmenant,
I think I've managed to sort it. It appears to have been a typo in your iRules. I've modified the rules so it now looks like this:
when HTTP_REQUEST {
    # Look up the server previously recorded for this client address (empty if none)
    set IP_ADDR [session lookup uie [IP::client_addr]]
    log local0.info "--SPSTEST-- session lookup data IP_ADDR = $IP_ADDR and IP_client_addr = [IP::client_addr]"
    # Look for the 'POST' method - a client is posting data back to the portal
    if { [HTTP::method] equals "POST" } {
        if {$IP_ADDR == ""} {
            # Set the LTM pool to the 'SSL' enabled pool
            pool SPS_SSL_pool
            log local0.info "--SPSTEST-- SSL Chosen for [HTTP::method] ip_addr = $IP_ADDR"
        } else {
            pool SPS_SSL_pool member $IP_ADDR 443
            log local0.info "--SPSTEST-- SSL Chosen for [HTTP::method] and pool node $IP_ADDR"
        }
    } else {
        # Not a 'POST'...
        # Disable the LTM-to-server SSL profile (so LTM talks in the clear to IIS)
        SSL::disable serverside
        # Select the HTTP only pool
        if {$IP_ADDR == ""} {
            pool SPS_HTTP_pool
        } else {
            pool SPS_HTTP_pool member $IP_ADDR 80
        }
    }
}
when LB_SELECTED {
    # Record the selected server address against the client address for 1200 seconds
    session add uie [IP::client_addr] [LB::server addr] 1200
}
I think the problem was with the 'pool' command when you selected the specific IP_ADDR$ member. The keyword 'member' was missing.
Examining the logs it all seems to work a treat now - I'm seeing the client stick to the same IIS server through http and https.
I'm also guessing I no longer need a default persistence profile as the client address is recorded with a timeout of 1200s? It seems to work fine without this.
Many, many thanks for your help on this - it's much appreciated.
Cheers,
Richard