pagefaulted_698
Mar 24, 2010Nimbostratus
Redirect HTTPS traffic based on URI without HTTP profile
This is current problem, I have a Citrix Access gateway. This server runs a web server but also tunnels the ICA traffic in HTTPS. If a HTTP profile is enabled this breaks. I want to direct traffic to a different pool that runs standard IIS web servers based on URI. The VIP is SSL. The citrix pool has a client SSL profile and the IIS pool has HTTP. Attached is the iRule I wrote and it seems to work. I'm worried that it makes the choice based on the HTTPS_Handshake; Can I depend on this happening anytime someone changes the URI?
when CLIENT_ACCEPTED {
HTTP::disable
}
when CLIENTSSL_HANDSHAKE {
SSL::collect 4
HTTP::disable
}
when CLIENTSSL_DATA {
if { ([SSL::payload 4] equals "GET " )} {
HTTP::enable
}
disable HTTP profile if it does not look like HTTP (Read: ICA traffic)
else {
HTTP::disable
}
}
when HTTP_REQUEST {
LB::detach
if { [string tolower [HTTP::path]] starts_with "/IISWebsite" } {
LB::detach
serverside { SSL::disable }
pool IIS_Pool
}
else {
pool Citrix_Pool
}
}