It almost certainly is what @stanislas pointed out.
As an extended note, however, since you are testing the URI path in the additional branches, it makes sense to fold those into the switch, as well. I don't really understand the last branch because a URI path will always contain a slash (/), so that conditional match is always true. Therefore, I pushed it to the switch default condition.
when CLIENT_ACCEPTED {
    set collecting 0
    set renegtried 0
}
when HTTP_REQUEST {
    set uri [string tolower [HTTP::uri]]
    # /_hst name and ?_hst=1 parameter triggers client cert renegotiation
    switch [HTTP::uri] {
        "/extern/test.jsp" -
        "/SO/services/dat" -
        "/Ex/services/pay" {
            if { !$renegtried && [SSL::cert count] == 0 } {
                log local0. "[IP::client_addr]:[TCP::client_port]: A log entry"
                # Collecting means buffering the request. The collection goes on
                # until SSL::renegotiate occurs, which happens after the HTTP
                # request has been received. The maximum data buffered by collect
                # is 1-4 MB.
                HTTP::collect
                set collecting 1
                SSL::cert mode request
                SSL::renegotiate
                pool FIRST_POOL_SSL
                SSL::enable serverside
                log local0. "WITH FIRST POOL"
            }
        }
        "/extern/test.jsp" {
            # Never reached: this pattern is already matched by the first arm above.
            pool FIRST_POOL_SSL
            SSL::enable serverside
            log local0. "WITH FIRST POOL"
        }
        "/abc" {
            if { [string tolower [HTTP::host]] eq "www.test.es" } {
                HTTP::redirect "https://www.test.es/test1/"
            }
        }
        default {
            if { [string tolower [HTTP::host]] eq "www.test.es" } {
                HTTP::redirect "https://www.test.es[HTTP::uri]"
            } else {
                SSL::disable serverside
                log local0. "WITH SECOND POOL"
            }
        }
    }
}
Since everything is in the switch now, there is no need for the return in the first condition.
Incidentally, in the last condition, you set the pool to LB::server pool. There is no reason to do this. If you don't invoke pool in your iRule, that is already the pool that will be selected. So, I removed that.
Also, I assume this is not the entire iRule. When you use HTTP::collect in HTTP_REQUEST, if you don't attach a listener to the HTTP_REQUEST_DATA event and invoke HTTP::release somewhere in there, the iRule will stall (and, more importantly, there would be no value in calling HTTP::collect unless you do something with the data).