Forum Discussion

neilclark's avatar
neilclark
Icon for Nimbostratus rankNimbostratus
Feb 23, 2018

iRules to select pools and SSL profiles

Hi Guys,

 

I have a requirement for the following and am wondering if it can be achieved with iRules?

 

I have a VIP configured and at the moment i have an irule that selects a pool to Loadbalance to based on the URI that is in the Http request.

 

The problem i have is one destination needs to have a Server SSL profile applied to send the traffic encrypted to the server, the other destination requires the request to be forwarded unencrypted.

 

So i was wondering if i can add statements to the existing irule that would apply and SSL profile to one destination but not the other.

 

this is the current iRule i have in place ( i have substituted the real info) so to Pool1 i want encrypted, to Pool2 i want unencrypted

 

when HTTP_REQUEST { switch -glob [string tolower [HTTP::uri]] { "/xx/yyyy/" { pool Pool1 } "/AA/BB//CC" { pool Pool2} default { HTTP::respond 404 } } }

 

Any help would be gratefully appreciated.

 

1 Reply

  • oguzy's avatar
    oguzy
    Icon for Cirrostratus rankCirrostratus

    Hi neilclark,

     

    If your virtual server listens port 443 and server ssl profile selected by default, you can try the below code:

     

    when RULE_INIT {
       set ssl_state 1
    }
    when HTTP_REQUEST {
       switch -glob [string tolower [HTTP::uri]] { 
          "/xx/yyyy/" { 
             pool Pool1
           } 
          "/AA/BB//CC" { 
             pool Pool2 
             $ssl_state 0
          } 
          default { HTTP::respond 404 } 
       } 
    }
    
    when SERVER_CONNECTED {
       if { $ssl_state equals 0 } {
          SSL::disable
       }
    }

    Also please check iRule Event Order - HTTPS/SSL - Client & Server Side