Forum Discussion

Joanna_41630's avatar
Joanna_41630
Icon for Nimbostratus rankNimbostratus
Nov 06, 2009

Creating iRule for to select ssl profile to use.

Hello, I have a situation where I have one virtual server listening on port 443, depending on the URI the vs will send it to one of two pools. The site abc.com/xyz will be sent to xyz_pool which listens on port 443, site abc.com will be sent to abc_pool which listens on port 8177 which is a mixture of clear text and ssl. I have a certificate for abc.com and have applied it to a client ssl profile, when applied to the vs abc.com works fine, but not abc.com/xyz. If I apply the default server ssl profile to the vs, it will work but not the original abc.com. I've tried writing an iRule, that goes like this:

 

 

when HTTP_REQUEST {

 

if { [HTTP::uri] starts_with "/xyz" || "/lmn"}{

 

SSL::disable clientside

 

pool researchportal_https_pool

 

} else {

 

SSL::disable serverside

 

pool rush_https_pool

 

}

 

}

 

 

starting out I have both ssl profile clien and server applied. This is working too well for me, am I missing something? Has anyone done something like this? Any help will be greatly appreciated.

 

 

Thank you!
application delivery
dev
devops
iRules

1 Reply

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Nov 09, 2009
    Can you elaborate on why you're trying to disable SSL on the clientside? The SSL handshake would have already been completed by the time you parse the URI and run SSL::disable clientside. When you say port 8177 is a mixture of HTTP and HTTPS, are you saying the server will accept SSL and cleartext requests? That would be a bit atypical.

    Also, to check for two URI's, you can use 'if {[HTTP::uri starts_with "/xyz"] or [HTTP::uri] starts_with "/lmn"]}' or for more efficiency, you could use switch: 

      
  when HTTP_REQUEST {  
    
      Check requested URI  
     switch -glob [HTTP::uri] {  
        "/xyz*" -  
        "/lmn*" {  
            URI started with /xyz or /lmn  
        }  
        default {  
            URI didn't start with /xyz or /lmn  
        }  
     }  
  }

    Aaron