Forum Discussion

pagefaulted_698
Mar 24, 2010

Redirect HTTPS traffic based on URI without HTTP profile

This is my current problem: I have a Citrix Access Gateway. This server runs a web server but also tunnels the ICA traffic in HTTPS. If an HTTP profile is enabled, this breaks. I want to direct traffic to a different pool that runs standard IIS web servers based on URI. The VIP is SSL. The Citrix pool has a client SSL profile and the IIS pool has HTTP. Attached is the iRule I wrote, and it seems to work. I'm worried that it makes the choice based on the HTTPS_Handshake. Can I depend on this happening anytime someone changes the URI?

   
  when CLIENT_ACCEPTED {
    # Start with the HTTP profile off; it is re-enabled only for HTTP traffic
    HTTP::disable
  }

  when CLIENTSSL_HANDSHAKE {
    # Collect the first 4 bytes of decrypted payload
    SSL::collect 4
    HTTP::disable
  }

  when CLIENTSSL_DATA {
    if { [SSL::payload 4] equals "GET " } {
      HTTP::enable
    } else {
      # disable HTTP profile if it does not look like HTTP (Read: ICA traffic)
      HTTP::disable
    }
  }

  when HTTP_REQUEST {
    LB::detach
    # Compare against a lowercase literal, since the path is lowercased first
    if { [string tolower [HTTP::path]] starts_with "/iiswebsite" } {
      LB::detach
      serverside { SSL::disable }
      pool IIS_Pool
    } else {
      pool Citrix_Pool
    }
  }
   

1 Reply

  • I'd expect that the client can establish a TCP connection and an SSL session and send multiple HTTP requests over the same TCP connection. They'd also be able to resume the SSL handshake using the same SSL session ID, but that should trigger a new CLIENTSSL_HANDSHAKE event.

     

     

    Aaron
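
A simplified model of the iRule's decision flow, added here as an illustration (not part of the original thread, and not F5 code): it shows which pool each request lands in when the HTTP decision is made once from the first decrypted bytes of a connection. The function names, the sample byte strings, and the assumption that Citrix_Pool is the default pool when HTTP parsing is off are all constructed for this example.

```python
import re

# Constructed sample streams (decrypted bytes as seen after TLS termination).
KEEPALIVE = (b"GET /logon.html HTTP/1.1\r\nHost: gw.example\r\n\r\n"
             b"GET /IISWebsite/a.aspx HTTP/1.1\r\nHost: gw.example\r\n\r\n")
POST_FIRST = (b"POST /IISWebsite/login HTTP/1.1\r\nHost: gw.example\r\n"
              b"Content-Length: 0\r\n\r\n")
NON_HTTP = b"\x00\x01\x02\x03opaque-tunnel-bytes"  # placeholder, not real ICA

HTTP_METHODS = (b"GET", b"HEAD", b"POST", b"PUT", b"DELETE",
                b"OPTIONS", b"PATCH", b"TRACE", b"CONNECT")
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]\r\n")
# One request: request line, header lines, blank line (bodies are not modelled).
REQUEST = re.compile(rb"([A-Z]+) (\S+) HTTP/1\.[01]\r\n(?:[^\r\n]+\r\n)*\r\n")


def sniff_get_only(first_bytes):
    """The check used in the iRule: HTTP only if the first 4 bytes are 'GET '."""
    return first_bytes[:4] == b"GET "


def sniff_request_line(first_bytes):
    """Broader check: a complete request line with a known method.
    Needs more than 4 collected bytes to decide."""
    m = REQUEST_LINE.match(first_bytes)
    return bool(m) and m.group(1) in HTTP_METHODS


def choose_pool(path):
    """Case-insensitive prefix match on the path; pool names are from the post."""
    return "IIS_Pool" if path.lower().startswith("/iiswebsite") else "Citrix_Pool"


def route_connection(stream, sniff):
    """Decide HTTP vs non-HTTP once per connection, then route each request."""
    if not sniff(stream):
        # HTTP parsing stays off: no per-request event, so the whole
        # connection goes to the default pool (assumed to be Citrix_Pool).
        return ["Citrix_Pool"]
    return [choose_pool(m.group(2).decode("ascii", "replace"))
            for m in REQUEST.finditer(stream)]


if __name__ == "__main__":
    for name, stream in [("keepalive", KEEPALIVE), ("post_first", POST_FIRST),
                         ("non_http", NON_HTTP)]:
        print(name, route_connection(stream, sniff_get_only),
              route_connection(stream, sniff_request_line))
```

In this model a connection whose first request is a POST never reaches the path check under the "GET "-only sniff, while a keep-alive connection that starts with GET is routed per request.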