Where can you assign SSL::profiles within an iRule?
We are now migrating app3 and app4 to be hosted by a cloud provider across a dedicated circuit which requires the Server Name Indicator to be set. I am able to set the server name in the serverssl Profile and it works. However that only works for app3 because app4 has a different server name. Under the ACCESS_ACL_ALLOWED event, the only things to add regarding ssl profiles is {enable/disable} or renegotiate. I can create individual serverssl profiles to have the appropriate SNI but where would i be able to apply them? I have refered to the irule events order diagram (which is very helpful) and on the client side you can not change the ssl::profile after the CLIENT_DATA event or on the server-side after SERVER_CONNECTED. Any ideas where I can assign the correct serverssl profile to the pools that are in the Cloud? Here is a snippet of the iRule we are working with. There is a lot more to this iRule including header rewrites but i didn't feel it would matter too much to this problem.
when ACCESS_ACL_ALLOWED {
switch -glob [string tolower [HTTP::uri]] {
"/app1a/*" -
"/app1b/*" {
pool Pool_app1 }
"/app2a/*" -
"/app2b/*" {
pool Pool_app2 }
"/app3a/*" -
"/app3b/*" {
pool Pool_app3 }
"/app4a/*" -
"/app4b/*" {
pool Pool_app4 }
default {
pool Pool_default
}
}
}