ltm rule command SSL disable
iRule(1) BIG-IP TMSH Manual iRule(1)
SSL::disable
Disables SSL processing.
SYNOPSIS
SSL::disable (clientside | serverside)?
DESCRIPTION
Disables SSL processing. This command is useful when using a virtual
server that services both SSL and non-SSL traffic, or when you want to
selectively re-encrypt traffic to pool members.
Note: Disabling SSL on the serverside only applies before serverside
connection has been established (SERVER_CONNECTED) or when the
clientside of the connection is in a detached state (e.g., oneconnect,
LB::detach).
RETURN VALUE
SSL::disable [clientside | serverside]
Disables SSL processing on one side of the LTM. Sends an SSL alert
to the peer requesting termination of SSL processing.
By default, the side that is disabled is the currently running
context (so, running SSL::disable in a client-side event will disable
client-side SSL). This can be changed via the "clientside" or
"serverside" parameter.
VALID DURING
ANY_EVENT
EXAMPLES
when CLIENT_ACCEPTED {
if { [TCP::local_port] == 80 } {
SSL::disable
pool myPool
} elseif { [TCP::local_port] == 443 } {
pool myPool
} else {
discard
}
}
when HTTP_REQUEST {
set usessl 0
if { [string tolower [HTTP::uri]] starts_with "/secure" } {
pool ssl__pool
set usessl 1
} else {
pool static_pool
set usessl 0
}
}
when SERVER_CONNECTED {
if { $usessl == 0 } {
SSL::disable
}
}
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "/old"}{
SSL::disable serverside
pool TestPool1
} else {
pool TestPool2
}
}
HINTS
SEE ALSO
- Rejects
connection before handshake if no pool members are available - This iRule allows an administrator to pass
HTTPS traffic through the BIG-IP... - allows either
clear text or TLS encrypted communication with SMTP protocol
- This iRule allows either clear text or TLS encrypted
communication with the LTM initiating the encryption process if it sees
the appropriate "starttls" command in the SMTP communication. - Server Name Indication (TLS SNI) allows
dynamic selection of clientssl profiles and pools
CHANGE LOG
@BIGIP-9.0.0 --First introduced the command.
BIG-IP 2017-01-31 iRule(1)