iRule order of operation (SSL offloading)
Hi Guys,
Have a noobie question on iRules, am not a programmer but need to get this working somehow!
We have an LEGACY iRule which looks at HTTP header and then sends traffic to relevant Pool. There is no Default Pool configured, it all gets determined in the iRule. All these Pools do SSL offloading. Now we are moving to Office360 which requires SSL bridging for migration, therefore want to insert a NEW iRule which sends traffic to new Pool if destined for MRSproxy. Found a NEW iRule on DevCentral forums which seems to do exactly this (see below). However it is not working, and am thinking it is order of operations or priority type issue when having multiple iRule with same Event type as the trigger...
LEGACY iRule when HTTP_REQUEST { OAB and Autodiscover do not require persistence.
switch -glob -- [string tolower [HTTP::path]] {
"/microsoft-server-activesync" {
Direct all ActiveSync clients to a common pool; use Auth
header value if it exists (Basic auth only, which is the
default); otherwise we fall back to client IP
if { [HTTP::header exists "APM_session"] } {
persist uie [HTTP::header "APM_session"] 7200
} elseif { [HTTP::header exists "Authorization"] } {
persist uie [HTTP::header "Authorization"] 7200
} else {
persist source_addr
}
pool exchange_as_pool
COMPRESS::disable
CACHE::disable
return
}
default {
This final section takes all traffic that has not otherwise
been accounted for and sends it to the pool for Outlook Web App
if { [HTTP::header exists "APM_session"] } {
persist uie [HTTP::header "APM_session"] 7200
} else {
persist source_addr
}
pool exchange2010_owa_pool
}
}
} when HTTP_RESPONSE { if { [string tolower [HTTP::header values "WWW-Authenticate"]] contains "negotiate"} { ONECONNECT::reuse disable ONECONNECT::detach disable NTLM::disable } if {[HTTP::header exists "Transfer-Encoding"]} { HTTP::payload rechunk }
}NEW iRule when HTTP_REQUEST { If the request is for a proxy.svc URI select a separate pool and leave serverssl enabled if { [HTTP::path] eq "/EWS/mrsproxy.svc"}{ pool exchange2010_secure_pool } }