bernie_9326
Feb 24, 2010Nimbostratus
in layer 7 routing, how to direct request under SSL
Hi
Wondering if you can help. We are trying to use layer 7 routing to send web requests to three different pools.
Our questions are - is there a way to set up Layer 7 routing such that
a. if the requests come in as HTTPS, we can interpret the URI and the redirected request goes up as HTTPS (see issues in Test 2 below)
b. if the requests come in as HTTP, we simply redirect along as HTTP.
Our test iRule is:
when HTTP_REQUEST {
log local0. "uri=[HTTP::uri]"
set uri [HTTP::uri]
if {$uri starts_with "/acme"} {
log local0. " going to pool-acme"
pool pool-acme
} elseif {$uri starts_with "/onlyssl"} {
pool pool-onlyssl
} else {
pool pool-bob
}
}
Test 1
When we send in the request as HTTP (e.g., http://vip/acme), the iRule works. The request comes in and goes to pool-acme.
Test 2
if we send in the request as httpS://vip/onlyssl (because the servers in pool-onlyssl only serves requests coming in as HTTPS), the HTTP::uri returns what appears to be encrypted string. Specifically, it is not /onlyssl but is instead something like "uri=~G?}?~_?X??\R".
Our suspicion is that the request is still under SSL hence the URI is still encrypted.
Test 3
If we set up the virtual server to break the SSL. We could be wrong but we added "clientssl" to Virtual Server > Configuration > SSL Profile (client). When we did that, the logging now shows "uri=/onlyssl". However, the request going to the onlyssl servers are in HTTP. We needed them to be in SSL.
Test 4
We then also added "serverssl" to SSL Profile (server). Now the requests goes all the way to the onlyssl servers as HTTPS and we get a clean response.
Test 5
But now the problem is that the original request in Test 1 fails.