Forum Discussion
Brad_Parker
Mar 11, 2016
Cirrus
Here is an example iRule that will disable your SSL profile for traffic received on port 80 and allow HTTP all the way through on that port. Since you are using SSL bridging, you will leave your clientSSL, serverSSL, and http profiles attached to the VIP and set your VIP to use * for the port. AND, please don't just throw this into production without testing it :-).
when RULE_INIT {
    # Requests to ports not defined in either the https or http ports list will be reset

    # Define virtual server ports that should have SSL enabled
    set static::vip_https_port 443

    # Define virtual server ports that should be answered with HTTP
    set static::vip_http_port 80
}
when CLIENT_ACCEPTED {
    if { [TCP::local_port] == $static::vip_https_port } {
        # Request was to an HTTPS port, so do nothing for the clientside connection.
        # The defined client and/or server SSL profiles will be applied as normal
        if { [PROFILE::exists clientssl] == 0 } {
            # No client SSL profile on the VIP, so reset instead of answering on the HTTPS port
            reject
        }
    } elseif { [TCP::local_port] == $static::vip_http_port } {
        # Request was to an HTTP port, not an HTTPS port, so disable client SSL profile if one is enabled on the VIP
        # Check to see if there is a client SSL profile and if so, disable it
        if { [PROFILE::exists clientssl] == 1 } {
            SSL::disable clientside
        }
        # Check to see if there is a server SSL profile and if so, disable it
        if { [PROFILE::exists serverssl] == 1 } {
            SSL::disable serverside
        }
    } else {
        # Request wasn't to a defined port, so reset the TCP connection.
        reject
    }
}
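An added example, not part of the post above: a client-side check, run from a test host, that the wildcard-port VIP behaves the way the iRule intends (TLS on the HTTPS port, plain HTTP on the HTTP port, a reset everywhere else). The VIP address 192.0.2.10 and the extra port 8080 are constructed placeholders, and the function names are hypothetical.

```python
import socket
import ssl


def probe(host, port, timeout=3.0):
    """Classify how host:port answers: 'http', 'tls' or 'rejected'."""
    # Attempt 1: plaintext HTTP. A port with SSL disabled answers "HTTP/...".
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            raw.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            if raw.recv(16).startswith(b"HTTP/"):
                return "http"
    except OSError:
        pass  # refused, reset or timed out; fall through to the TLS attempt
    # Attempt 2: TLS handshake on a fresh connection. Certificate checks are
    # off: this tests whether the listener speaks TLS, not whose cert it has.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls"
    except OSError:  # ssl.SSLError and socket timeouts are OSError subclasses
        return "rejected"


def check_vip(host, expected, timeout=3.0):
    """Return {port: (expected, observed)} for each port that misbehaves."""
    mismatches = {}
    for port, want in expected.items():
        got = probe(host, port, timeout)
        if got != want:
            mismatches[port] = (want, got)
    return mismatches


if __name__ == "__main__":
    VIP = "192.0.2.10"  # constructed placeholder: replace with the test VIP
    # 443 and 80 mirror the iRule's static variables; 8080 stands in for
    # any port that is in neither list and should therefore be reset.
    expected = {443: "tls", 80: "http", 8080: "rejected"}
    problems = check_vip(VIP, expected)
    for port, (want, got) in sorted(problems.items()):
        print(f"port {port}: expected {want}, observed {got}")
    print("OK" if not problems else "MISMATCH")
```

A result of `http` on the HTTPS port means traffic there is being served unencrypted. `rejected` also covers a listener that accepts the connection and then fails the TLS handshake.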