Forum Discussion
Dec 08, 2015
Hi,
here is a modified excerpt from the iRule I used for a client's Exchange environment:

    when CLIENT_ACCEPTED {
        switch [TCP::local_port] {
            81 {
                # Cleartext HTTP traffic (redirect into https)
                SSL::disable clientside
                pool defaultPool
                return
            }
            443 {
                # Encrypted HTTP traffic (decrypt, forward to pool)
                pool elsePool
                return
            }
            default {
                # Reject everything else
                reject
                return
            }
        }
    }

The associated virtual server has a client-ssl profile and optionally a server-ssl profile depending on your specific requirements.
The virtual server works in "Standard" mode, uses TCP and has a port of "0" to listen on all service ports. The pools will be configured with specific ports. In case of incoming traffic on TCP/81 the client-ssl profile will be disabled by the iRule. In case of incoming traffic on TCP/443 the virtual server's client-ssl profile will kick in and terminate SSL before forwarding traffic to the elsePool.

Btw, the original iRule has more use cases and turns the http profile on and off, modifies persistence methods and rewrites redirects. (In production for a couple of months instead of using the approach described in the deployment guide.)

Thanks,
Stephan