Forum Discussion

Michael_107360's avatar
Michael_107360
Icon for Cirrus rankCirrus
Aug 06, 2016

Is it possble to have 443 splash page without ssl profile

Currently I have a virtual server setup on 80 and 443 with ssl offloading, which is working perfectly. I have a question about using a splash page on 443 if it will work or not. So traffic comes in ...
application delivery
iRules
LTM
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Aug 06, 2016

Hi Michael,

its possible to mix your 

http:11230
and 
https:443
nodes on the same Virtual Server using seperate pools but also in a single pool using the priority group activation feature.

But mixing SSL with HTTP nodes on the same Virtual Server is performancewise not that ideal, since it would require you to assign a Server_SSL_Profile and then disable Server_SSL with an iRule on every connection attempt to the default nodes (aka. 

http:11230
) resp. (re)enable Server_SSL on every connection attempt to the fallback nodes (aka. 
https:443
). Take a look to the iRule below to see how to selectively enable/disable Server_SSL:

when SERVER_CONNECTED {
    if { [PROFILE::exists serverssl] } then {
        if { [TCP::remote_port] != 443 } then {
            SSL::disable serverside
        } else {
            SSL::enable serverside
        }
    } else {
        log -noname local0. "$log_prefix !!!! Warning !!!! The Virtual Server [URI::basename [virtual name]] has no SSL Server Profile assigned !!!! Warning !!!!"
    }
}

Note: To reduce the performance overhead of the Server_SSL_Profile handling, you should consider to enable the 

[ONECONNECT]
feature on your Virtual Server. This will allow you to reuse the serverside connections as much as possible.

Cheers, Kai