Nimbostratus
I am moving my HA Pair to a new location. During the move I have a LTM 1600 that will redirect requests to a maintenance page. I am planning on just adding an irule to each VIP that will redirect HTTP requests to the Maintenance Page URL.
ie.
when HTTP_REQUEST {
HTTP::redirect "http://x.y.z"
}
This works for HTTP requests, but how do I handle my VIPs that serve HTTPS?
Thanks
Nimbostratus
Do your SSL Certificates reside on the F5? Meaning, do you have a Client SSL Profile enabled on the HTTPS Virtual Server?
If you do, then the same iRule will work without causing any issues.
If the HTTPS Virtual Server does not have a Client SSL Enabled (The SSL Certificate is applied on the Server) then you will need to put your redirect to your maintenance page in the location that has the SSL Certificate in order to prevent any SSL Certificate Errors from being displayed to your customers.
NimbostratusNimbostratusNimbostratus
As long as the F5 has the SSL Certificate that matches the incoming URL and can properly respond to the client preventing an SSL Certificate Error, then you can do whatever you want after that.
It has to do with the order that the events are processed in. As you can see below, the SSL Handshake and Certificate Verification come before the HTTP_REQUEST iRule Event:
RULE_INIT
CLIENT_ACCEPTED
CLIENTSSL_HANDSHAKE
CLIENTSSL_CLIENTCERT
HTTP_REQUEST
Nimbostratus