Nimbostratus
Also, what would the irule look like if I wanted the opposite: all of the apps except one encrypted?
We have the big ip with the encryption options.
Thanks!
-Bill
Cirrostratus
Can you provide more detail on what you're trying to accomplish?
You say that you have multiple apps running on the same server and only want to encrypt traffic to some of the apps. Do you mean you want to encrypt some of the traffic between the client and the virtual server (client SSL), or traffic from the BIG-IP to the web server (server SSL)?
If you want to use client SSL, it would be simplest to create a separate virtual server per application and use a client SSL profile per virtual server you want encryption for. You shouldn't need a rule for this.
If you want to use server SSL, you could also create separate virtual servers and corresponding server SSL profiles. If, on the same virtual server, you need to have some traffic to the web servers encrypted but others not, you could use a rule. The general idea for selective server SSL encryption on a single VIP to the pool(s) is to configure a server SSL profile on the virtual server and then disable it for requests you don't want encrypted.
Here is an example from citizen_elah: (Click here)
Aaron
Nimbostratus
Only SSL between the client and the Big IP VIP.
I'll talk with the dev re using a separate virtual server.
What about if I want to use SSL for everything BUT one app? Same solution? A virtual server for the public app only?
Thanks again