wtwagon_99154
May 19, 2009

Question about applying HTTP_REQUEST to HTTPS

Pretty new to iRules -- wanted to see if I could get some assistance.

I'm trying to make a rule as follows:

when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "2." } {
        pool int36.443
    } elseif { [HTTP::uri] starts_with "3." } {
        pool int79.443
    }
}

When I apply this to the HTTPS VIP, it does not work. However, if I change it to 80 and apply it to our HTTP VIP, it works just fine.

Do I have to host the wildcard certificate as a server side certificate to get this to work?

We host the wildcard certificate on our application servers at this point in time.

3 Replies

  • Hi,

    If you are not offloading the SSL at the LTM, then you will not be able to do anything with HTTP traffic contained within the encrypted stream that is passing through.

    So you'd need to set up a clientssl profile using your certificate, and if you wanted to re-encrypt before going to the server, then you would also use a serverssl profile (on which the certificate doesn't really matter).

    Denny
  • Thanks,

    Just to confirm:

    I will need to import the certificate from the server onto the LTM, and then create a clientssl profile. The clientssl profile should contain the certificate and the key?
  • That's correct (the LTM accepts PEM/OpenSSL format certificates). Also, if you don't use the serverssl profile, the application will begin receiving connections in clear text, so you also need to make sure that is acceptable.

    Denny
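
The setup described in the replies, written out as BIG-IP configuration stanzas. This is an added example, not part of the original thread: the address 192.0.2.10 and the object names `wildcard_clientssl`, `wildcard.crt`, `wildcard.key`, `vs_https_443` and `pool_select` (the iRule from the question) are assumptions.

```tmsh
# Added example; every object name and the address are placeholders.
#
# wildcard_clientssl: the LTM presents the wildcard certificate and decrypts
#   the client connection. The certificate and key must already be imported.
# http profile: required on the virtual server for HTTP_REQUEST to fire.
# serverssl (serverside): re-encrypts towards the members of int36.443 and
#   int79.443. Leave it out only if clear text between the LTM and the
#   application servers is acceptable, and only if the members listen for
#   plain HTTP.

ltm profile client-ssl wildcard_clientssl {
    defaults-from clientssl
    cert wildcard.crt
    key wildcard.key
}

ltm virtual vs_https_443 {
    destination 192.0.2.10:443
    ip-protocol tcp
    profiles {
        tcp { }
        http { }
        wildcard_clientssl {
            context clientside
        }
        serverssl {
            context serverside
        }
    }
    rules {
        pool_select
    }
}
```

With only the `tcp` profile attached, the virtual server forwards the TLS stream untouched and the iRule's HTTP_REQUEST event never runs, which matches the behaviour reported in the question.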