Listening on both HTTP+HTTPS port

From Tech-Wiki
Jump to: navigation, search

Back to iRules 

when SERVER_CONNECTED { 
 if {[TCP::remote_port] != 443} { 
   SSL::disable 
 } 
}

Or below 

when RULE_INIT {
   # Requests to ports not defined in either the https or http ports list will be reset
   # Define virtual server ports that should have SSL enabled
   set static::vip_https_port 443
   # Define virtual server ports that should be answered with HTTP
   set static::vip_http_port 80
}
when CLIENT_ACCEPTED {
   if { [TCP::local_port] == $static::vip_https_port }{
       # Request was to an HTTPS port, so do nothing for the clientside connection.
       # The defined client and/or server SSL profiles will be applied as normal
       if {[PROFILE::exists clientssl] == 0}{
           reject
       }
   }
   elseif { [TCP::local_port] == $static::vip_http_port }{
       # Request was to an HTTP port, not an HTTPS port, so disable client SSL profile if one is enabled on the VIP
       # Check to see if there is a client SSL profile and if so, disable it
       if { [PROFILE::exists clientssl] == 1} {
           SSL::disable clientside
       }
       # Check to see if there is a server SSL profile and if so, disable it
       if { [PROFILE::exists serverssl] ==1} {
           SSL::disable serverside
       }
   }
   else {
       # Request wasn't to a defined port, so reset the TCP connection.
       reject
  }
}
Retrieved from ‘http://tech-wiki.net/index.php?title=Listening_on_both_HTTP%2BHTTPS_port&oldid=1331