Disable Server SSL profile using iRules while using the ProxyPass iRule
Hey everyone!
We have a generic VS which receives all of the traffic for a certain IP address + port 443. We have applied the ProxyPass iRule which distributes the connections to the correct pool based on the URL.
The VS itself is configured to use both a Client SSL profile and a Server SSL profile. This works for the current servers linked to the VS but the new pool I want to add does not use HTTPS.
The pool member is using a non-standard port over the HTTP protocol, so when the BIG-IP device is establishing its connection to the pool member it obviously does not work since it's communicating over HTTPS.
I have been trying to turn off the Server SSL profile by using iRules but I don't seem to get it to work. I have used the examples found in the SSL::disable article and I have the following examples that I have tried:
Example 1:
    when HTTP_REQUEST {
        if { [HTTP::host] equals "url.com" } {
            SSL::disable serverside
            pool pool1
        }
    }
Example 2:
    when HTTP_REQUEST {
        if { [HTTP::host] equals "url.com" } {
            pool pool1
            set usessl 0
        }
    }
    when SERVER_CONNECTED {
        if { $usessl == 0 } {
            SSL::disable
        }
    }
Example 3:
    when HTTP_REQUEST {
        if { [HTTP::host] equals "url.com" } {
            pool pool1
        }
    }
    when SERVER_CONNECTED {
        if { [PROFILE::exists serverssl] == 1 } {
            set disable "SSL::disable serverside"
        }
    }
I applied logging and I can at least see that the traffic is matching the iRule but I'm not entirely sure how I can add more logging to see everything that's happening.
Example 3 will probably turn off ServerSSL entirely but either way it did not work. I'm starting to guess that the ProxyPass iRule is conflicting with my own iRule but I don't have enough iRule knowledge to determine that.
Has anyone else tried to do the same? Do you guys have a suggestion on how to solve this without needing a new external IP address?
Thanks in advance!