SSL::disable¶
Description¶
Disables SSL processing. This command is useful when using a virtual
server that services both SSL and non-SSL traffic, or when you want to
selectively re-encrypt traffic to pool members.
Note: Disabling SSL on the serverside only applies before serverside
connection has been established (SERVER_CONNECTED) or when the
clientside of the connection is in a detached state (e.g., oneconnect,
LB::detach).
Syntax¶
SSL::disable [clientside | serverside]
SSL::disable [clientside | serverside]¶
- Disables SSL processing on one side of the LTM. Sends an SSL alert to the peer requesting termination of SSL processing.
- By default, the side that is disabled is the currently running context (so, running SSL::disable in a client-side event will disable client-side SSL). This can be changed via the “clientside” or “serverside” parameter.
Examples¶
when CLIENT_ACCEPTED {
if { [TCP::local_port] == 80 } {
SSL::disable
pool myPool
} elseif { [TCP::local_port] == 443 } {
pool myPool
} else {
discard
}
}
when HTTP_REQUEST {
set usessl 0
if { [string tolower [HTTP::uri]] starts_with "/secure" } {
pool ssl__pool
set usessl 1
} else {
pool static_pool
set usessl 0
}
}
when SERVER_CONNECTED {
if { $usessl == 0 } {
SSL::disable
}
}
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "/old"}{
SSL::disable serverside
pool TestPool1
} else {
pool TestPool2
}
}