disable ssl client profile based on source address

Question

&nbsp; Can someone show me an iRule that would allow me to disable the SSL Client profile dynamically based on the source address. We have an app server that needs to talk http but all the other clients need to keep using HTTPS. Any help is very much appreciated. 
&nbsp;  
&nbsp; Thank you,

hooleylist · Answer

Hi John, 
  
 You can use SSL::disable after checking the client IP.  To check a single client IP address or range, you can use the IP::addr command (Click here).  To check the client IP against multiple addresses or ranges, you can use the matchclass command (Click here).

when CLIENT_ACCEPTED  
  
     Check if client IP is 10.10.10.0/24 
    if {[IP::addr [IP::client_addr] equals 10.10.10.0/24]}{ 
  
        Disable the client SSL profile 
       SSL::disable 
    } 
 }

Aaron

Forum Discussion

disable ssl client profile based on source address

1 Reply

Recent Discussions

Rundeck ansible F5 errors

What is the meaning is 52% block in WAF

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

CSV to Address External Datagroup File

SSL Profiles

How to disable weak cipher from Client SSL Profile

Disable Inter-VLAN Routing?

disable http retry