ltm rule command SSL disableΒΆ

iRule(1)		      BIG-IP TMSH Manual		      iRule(1)



SSL::disable
       Disables SSL processing.

SYNOPSIS
       SSL::disable (clientside | serverside)?

DESCRIPTION
       Disables SSL processing. This command is useful when using a virtual
       server that services both SSL and non-SSL traffic, or when you want to
       selectively re-encrypt traffic to pool members.

       Note: Disabling SSL on the serverside only applies before serverside
       connection has been established (SERVER_CONNECTED) or when the
       clientside of the connection is in a detached state (e.g., oneconnect,
       LB::detach).

RETURN VALUE
       SSL::disable [clientside | serverside]
	   Disables SSL processing on one side of the LTM. Sends an SSL alert
       to the peer requesting termination of SSL processing.
	   By default, the side that is disabled is the currently running
       context (so, running SSL::disable in a client-side event will disable
       client-side SSL). This can be changed via the "clientside" or
       "serverside" parameter.

VALID DURING
       ANY_EVENT

EXAMPLES
	when CLIENT_ACCEPTED {
	    if { [TCP::local_port] == 80 } {
		SSL::disable
		pool myPool
	    } elseif { [TCP::local_port] == 443 } {
		pool myPool
	    } else {
		discard
	    }
	}

	when HTTP_REQUEST {
	    set usessl 0
	    if { [string tolower [HTTP::uri]] starts_with "/secure" } {
		pool ssl__pool
		set usessl 1
	    } else {
		pool static_pool
		set usessl 0
	    }
	}
	when SERVER_CONNECTED {
	    if { $usessl == 0 } {
		SSL::disable
	    }
	}

	when HTTP_REQUEST {
	    if { [HTTP::uri] starts_with "/old"}{
		SSL::disable serverside
		pool TestPool1
	    } else {
		pool TestPool2
	    }
	}

HINTS
SEE ALSO
        - Rejects
       connection before handshake if no pool members are available  - This iRule allows an administrator to pass
       HTTPS traffic through the BIG-IP...   - allows either
       clear text or TLS encrypted communication with SMTP protocol
        - This iRule allows either clear text or TLS encrypted
       communication with the LTM initiating the encryption process if it sees
       the appropriate "starttls" command in the SMTP communication.   - Server Name Indication (TLS SNI) allows
       dynamic selection of clientssl profiles and pools

CHANGE LOG
       @BIGIP-9.0.0 --First introduced the command.



BIG-IP				  2017-01-31			      iRule(1)