Forum Discussion

AaronMLong_1021's avatar
AaronMLong_1021
Icon for Cirrus rankCirrus
Nov 05, 2015

HTTP/HTTPS discrepancy for HTTP::respond iRule

Here's the relevant chunk of my iRule code:

 

when HTTP_REQUEST {
        switch -glob [HTTP::host] {
                "host.example.test" { HTTP::respond 503 content "Services are offline for maintenance.\n" }
        }
}

However, I see different behaviour depending on whether I apply the iRule to HTTP or HTTPS VIP. HTTP seems to work:

 

[aaron@home ~]$ curl -k http://host.example.test/anything
Services are currently down for maintenance.

HTTPS, however, throws this error:

 

[aaron@home ~]$ curl -k https://host.example.test/anything
curl: (56) SSL read: errno -5961

Any idea what I'm doing wrong?

 

application delivery
devops
iRules
LTM
management

3 Replies

Sort By
  • Brad_Parker's avatar
    Brad_Parker
    Icon for Cirrus rankCirrus
    Nov 05, 2015

    Do you have a client SSL profile on the virtual server that you have the iRule attached to? If not you will get RSTs trying to do any HTTP profiles.

     

  • AaronMLong_1021's avatar
    AaronMLong_1021
    Icon for Cirrus rankCirrus
    Nov 05, 2015

    Yes, there is nothing awry with the VIP, it works perfectly normally when called under normal operations. It's this iRule that I'm trying to apply to block traffic for maintenance which is causing problems.

     

  • sfuerst_116779's avatar
    sfuerst_116779
    Historic F5 Account
    Nov 05, 2015

    Are you doing anything else afterwards in that iRule (or another triggered by the same event) that uses HTTP iRule commands? If so, those operations will fail, and cause the connection to be dropped. (After calling HTTP::respond, the HTTP context is gone.)

     

    You may want to look in /var/log/ltm for error messages.