Forum Discussion

Robert_47833
Jul 16, 2013

enable ssl serverside for specific uri

I don't want to enable the SSL profile on the server side of the virtual server,

but I want to enable server-side SSL for some URLs, such as /xyz.

How can I achieve this?


5 Replies

  • You have to assign the serverssl profile to the virtual server, but disable/enable it in the iRule.

    e.g.

    [root@ve10:Active] config  b virtual bar list
    virtual bar {
       snat automap
       pool foo80
       destination 172.28.19.252:443
       ip protocol 6
       rules qux
       profiles {
          clientssl {
             clientside
          }
          http {}
          serverssl {
             serverside
          }
          tcp {}
       }
    }
    [root@ve10:Active] config  b pool foo80 list
    pool foo80 {
       members 200.200.200.101:80 {}
    }
    [root@ve10:Active] config  b pool foo443 list
    pool foo443 {
       members 200.200.200.101:443 {}
    }
    [root@ve10:Active] config  b rule qux list
    rule qux {
       when HTTP_REQUEST {
          SSL::disable serverside
          if { [HTTP::uri] starts_with "/xyz" } {
             SSL::enable serverside
             pool foo443
          }
       }
    }
    
    [root@ve10:Active] config  curl -Ik https://172.28.19.252/
    HTTP/1.1 200 OK
    Date: Tue, 16 Jul 2013 14:23:30 GMT
    Server: Apache/2.2.3 (CentOS)
    Last-Modified: Thu, 23 May 2013 00:28:46 GMT
    ETag: "4185a8-59-c3efab80"
    Accept-Ranges: bytes
    Content-Length: 89
    Connection: close
    Content-Type: text/html; charset=UTF-8
    
    [root@ve10:Active] config  curl -Ik https://172.28.19.252/xyz/
    HTTP/1.1 200 OK
    Date: Tue, 16 Jul 2013 14:23:33 GMT
    Server: Apache/2.2.3 (CentOS)
    Last-Modified: Tue, 16 Jul 2013 14:22:22 GMT
    ETag: "468841-59-b48d8380"
    Accept-Ranges: bytes
    Content-Length: 89
    Connection: close
    Content-Type: text/html; charset=UTF-8
    
    
  • Actually I tried this one:

    when CLIENT_ACCEPTED {
       SSL::disable serverside
    }

    when HTTP_REQUEST {
       if { [HTTP::uri] starts_with "/xyz" } {
          SSL::enable serverside
          pool foo443
       }
    }

    Will this work? What is the difference between this one and yours?


  • This is the VIP config:

    virtual srwd33-www {
       mirror enable
       snat automap
       destination 10.10.10.10:http
       ip protocol tcp
       rules test-irule
       profiles {
          http {}
          oneconnect {}
          serverssl {
             serverside
          }
          tcp-lan-optimized {
             serverside
          }
          tcp-wan-optimized {
             clientside
          }
       }
    }

    iRule test-irule before: it has an intermittent issue which goes to the fallback host if I want to hit default-pool

    when CLIENT_ACCEPTED {
       SSL::disable serverside
    }

    when HTTP_REQUEST {
       if { [HTTP::uri] starts_with "/test1" } {
          SSL::enable serverside
          pool xyz
          return
       } else {
          pool default-pool
       }
    }

    test-irule after: it is fine

    when SERVER_CONNECTED priority 10 {
       if { [LB::server pool] eq "xyz" } {
          SSL::enable serverside
       } else {
          SSL::disable serverside
       }
    }

    when HTTP_REQUEST {
       if { [HTTP::uri] starts_with "/test1" } {
          pool xyz
          return
       } else {
          pool default-pool
       }
    }

    I want to know the root cause and which way is recommended.

  • "iRule test-irule before: it has an intermittent issue which goes to the fallback host if I want to hit default-pool"

    Is it possible that there are multiple HTTP requests in one TCP connection, of which some are HTTPS (xyz) and some are HTTP (default-pool)?


  • Hmmm, I am not sure.

    It is just a non-keepalive connection for this VIP.

    Every time I use one URL to test, sometimes it works fine, sometimes it hits the fallback host.

    In tcpdump, I found F5 sends encrypted data to the default pool.
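As an added example that is not from any post in this thread: a single iRule that keeps pool selection in HTTP_REQUEST and takes the serverssl decision in SERVER_CONNECTED, the way the "after" rule above does, with a log line so the pool, member and serverssl state of each server-side connection can be checked in /var/log/ltm against a server-side tcpdump like the one that showed encrypted data going to default-pool. It assumes the virtual server carries the serverssl profile and pools named xyz (HTTPS members) and default-pool (HTTP members), as in the thread.

```tcl
# Added example, not taken from the thread. Pool names "xyz" (HTTPS members)
# and "default-pool" (HTTP members) are assumed, as is a serverssl profile
# attached to the virtual server.

when HTTP_REQUEST {
    # Only choose the pool here. The server-side SSL state belongs to the
    # server-side connection, not to the HTTP request, so it is decided in
    # SERVER_CONNECTED instead of being toggled per request.
    if { [HTTP::uri] starts_with "/test1" } {
        pool xyz
    } else {
        pool default-pool
    }
}

when SERVER_CONNECTED priority 10 {
    # Fires once per server-side TCP connection, after the pool is known.
    # LB::server pool returns "xyz" on v10 but "/Common/xyz" on v11 and
    # later, so compare only the last path component.
    set pool_name [lindex [split [LB::server pool] "/"] end]
    if { $pool_name eq "xyz" } {
        SSL::enable serverside
        set ssl_state "enabled"
    } else {
        SSL::disable serverside
        set ssl_state "disabled"
    }
    # Verification aid: every server-side connection records its pool, member
    # and serverssl state in /var/log/ltm. Line these entries up with a
    # tcpdump on the server side to confirm that only members of the xyz
    # pool receive TLS records and default-pool members see plain HTTP.
    log local0. "client [IP::client_addr] -> pool [LB::server pool] member [IP::server_addr]:[TCP::server_port] serverssl $ssl_state"
}
```

Remove the log line once the behaviour is confirmed, since it writes one entry per server-side connection.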