Dynamically remove serverssl profile
My question is how the iRule should look to dynamically remove the serverssl profile when traffic goes to pool using 80. I have a pool with a WAF and a real server set in priority groups with the WAF being the priority (100) and real server secondary (10). The WAF accepts port 80 but if the WAF is not available traffic will forward directly to the real server using port 443. I read best practice is to have serverssl applied to VIP and have iRule strip it away instead of adding it when needed. Here is the syntax of the iRule that I beleive may work and looking for confirmation and adjustments. Thanks
when CLIENT_ACCEPTED { if { [TCP::local_port] == 80} { SSL::disable pool myPool } elseif { [TCP::local_port] == 443 } { pool myPool } else { discard } }