SSL Serverside Not Being Disabled Correctly
Currently we have an iRule that selects the pool based on the URL path. Some pools accept SSL while others do not. In the IF statement (which is in the HTTP_REQUEST event block), if the traffic is forwarded to a pool that doesn't support SSL we have the command SSL:disable serverside. However, it seems that occasionally SSL is not being disabled correctly. Looking around it seems this may be because we should have SSL being disabled in the SERVER_CONNECTED block. I've modified our iRule to disable SSL by default, select the pool in the HTTP_REQUEST block and then re-enable SSL if needed in the SERVER_CONNECTED block. However, it seems that my string comparisons for the pool name in the SERVER_CONNECTED block are not working correctly. Any help on what I'm doing wrong in this iRule is appreciated.
Current iRule:
when CLIENT_ACCEPTED {
SSL::disable serverside
set default_pool [LB::server pool]
}
when HTTP_REQUEST {
HTTP::header insert "X-Forwarded-Proto" "https"
if { [HTTP::uri] starts_with "/foo" } {
pool pool_foo_https
}
elseif { [HTTP::path] starts_with "/bar" } {
pool pool_bar_http
}
else {
pool $default_pool
}
}
when SERVER_CONNECTED {
if { ([string tolower [LB::server pool]] matches "pool_foo_https") } {
SSL::enable serverside
}
else {
SSL::enable serverside
}
}