Faintly_Lucky
Apr 24, 2010Nimbostratus
Second set of eyes, please
Hello all:
I wrote this iRule with people who don't have many public addresses or have found the need to conserve them in mind. I just started a new job, so I don't have access to any F5s to check my syntax. I'm also not an application or systems person, so I was hoping some of you gurus will take pity on the poor network guy and let me know if I have any of my commands out of order. I don't have much experience with TCL, but I do have program design, so I'm pretty sure that I have all of my brackets in the right place and that there aren't any flaws in my modules, but those are famous last words, so please speak up if you see something. The purpose of this rule is to take a list of sites that do SSL off-loading and switch pool and SSL client profile based on HTTP::host. I'd like feedback about my syntax, command order, and efficiency if that wouldn't be too much trouble.
Thanks in advance,
Lucky
when CLIENT_ACCEPTED {
set default_pool [LB::server pool]
}
when HTTP_REQUEST {
pool $default_pool
array set hostpool {
yoursite.yourdomain.com yoursite.yourdomain.com_pool
yoursite.yourdomain.com yoursite.yourdomain.com_pool
yoursite.yourdomain.com yoursite.yourdomain.com_pool
yoursite.yourdomain.com yoursite.yourdomain.com_pool
}
array set client_ssl_select {
yoursite.yourdomain.com client_ssl_yoursite.yourdomain.com
yoursite.yourdomain.com client_ssl_yoursite.yourdomain.com
yoursite.yourdomain.com client_ssl_yoursite.yourdomain.com
yoursite.yourdomain.com client_ssl_yoursite.yourdomain.com
}
foreach { site pool } [ array get hostpool ] {
switch [string tolower [HTTP::host]] {
$site { pool $pool {
foreach { name profile } [ array get client_ssl_select ] {
switch [string tolower [HTTP::host]] {
$name { SSL::profile $profile SSL::renegotiate
}
}
}
}
}
}
}