Forum Discussion

Kyle_S
Jul 13, 2017

Where can you assign SSL::profiles within an iRule?

We are now migrating app3 and app4 to be hosted by a cloud provider across a dedicated circuit, which requires the Server Name Indicator to be set. I am able to set the server name in the serverssl profile and it works. However, that only works for app3 because app4 has a different server name. Under the ACCESS_ACL_ALLOWED event, the only things to add regarding SSL profiles are {enable/disable} or renegotiate. I can create individual serverssl profiles to have the appropriate SNI, but where would I be able to apply them? I have referred to the iRule events order diagram (which is very helpful), and on the client side you cannot change the SSL::profile after the CLIENT_DATA event or on the server side after SERVER_CONNECTED. Any ideas where I can assign the correct serverssl profile to the pools that are in the cloud? Here is a snippet of the iRule we are working with. There is a lot more to this iRule, including header rewrites, but I didn't feel it would matter too much to this problem.

when ACCESS_ACL_ALLOWED {
    switch -glob [string tolower [HTTP::uri]] {
        "/app1a/*" -
        "/app1b/*" {
            pool Pool_app1
        }
        "/app2a/*" -
        "/app2b/*" {
            pool Pool_app2
        }
        "/app3a/*" -
        "/app3b/*" {
            pool Pool_app3
        }
        "/app4a/*" -
        "/app4b/*" {
            pool Pool_app4
        }
        default {
            pool Pool_default
        }
    }
}

1 Reply

  • Hello

    Try this code:

    when CLIENT_ACCEPTED {
        # Keep server-side SSL off until a profile has been chosen
        SSL::disable serverside
    }

    when ACCESS_ACL_ALLOWED {
        # 0 means no app-specific pool matched (default profile is used)
        set poolnumber "0"

        switch -glob [string tolower [HTTP::uri]] {
            "/app1a/*" -
            "/app1b/*" {
                pool Pool_app1
                set poolnumber "1"
            }
            "/app2a/*" -
            "/app2b/*" {
                pool Pool_app2
                set poolnumber "2"
            }
            "/app3a/*" -
            "/app3b/*" {
                pool Pool_app3
                set poolnumber "3"
            }
            "/app4a/*" -
            "/app4b/*" {
                pool Pool_app4
                set poolnumber "4"
            }
            default {
                pool Pool_default
            }
        }
    }

    when SERVER_CONNECTED {
        # Apply the serverssl profile (and its SNI) for the selected pool, then enable SSL
        if { $poolnumber == "1" } {
            SSL::profile serverssl_profile1
            SSL::enable
        } elseif { $poolnumber == "2" } {
            SSL::profile serverssl_profile2
            SSL::enable
        } elseif { $poolnumber == "3" } {
            SSL::profile serverssl_profile3
            SSL::enable
        } elseif { $poolnumber == "4" } {
            SSL::profile serverssl_profile4
            SSL::enable
        } else {
            SSL::profile serverssl_profile_default
            SSL::enable
        }
    }