Forum Discussion
nitass
Jul 16, 2013Employee
you have to assign serverssl profile to virtual server but disabling/enabling it in irule.
e.g.
[root@ve10:Active] config b virtual bar list
virtual bar {
snat automap
pool foo80
destination 172.28.19.252:443
ip protocol 6
rules qux
profiles {
clientssl {
clientside
}
http {}
serverssl {
serverside
}
tcp {}
}
}
[root@ve10:Active] config b pool foo80 list
pool foo80 {
members 200.200.200.101:80 {}
}
[root@ve10:Active] config b pool foo443 list
pool foo443 {
members 200.200.200.101:443 {}
}
[root@ve10:Active] config b rule qux list
rule qux {
when HTTP_REQUEST {
SSL::disable serverside
if { [HTTP::uri] starts_with "/xyz" } {
SSL::enable serverside
pool foo443
}
}
}
[root@ve10:Active] config curl -Ik https://172.28.19.252/
HTTP/1.1 200 OK
Date: Tue, 16 Jul 2013 14:23:30 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 23 May 2013 00:28:46 GMT
ETag: "4185a8-59-c3efab80"
Accept-Ranges: bytes
Content-Length: 89
Connection: close
Content-Type: text/html; charset=UTF-8
[root@ve10:Active] config curl -Ik https://172.28.19.252/xyz/
HTTP/1.1 200 OK
Date: Tue, 16 Jul 2013 14:23:33 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 16 Jul 2013 14:22:22 GMT
ETag: "468841-59-b48d8380"
Accept-Ranges: bytes
Content-Length: 89
Connection: close
Content-Type: text/html; charset=UTF-8