Adding a Rule to a VS with protocol SSL(HTTPS)

SOLVED
New Contributor

Hello,

I have a VS with protocol SSL(HTTPS), and I am unable to add rules to it for routing traffic to different pools. The rule I have is very simple:

$path = http.getpath();
if (string.startwith($path, "/something")) {
    pool.use("Something_Pool");
}

However, when I attempt to associate this rule with the VS, I get the following error:

"You are using functions that will not work with this protocol. (http.* functions)"

Is this type of routing possible with SSL(HTTPS) protocol Virtual Servers?

1 ACCEPTED SOLUTION

Community Manager

Re: Adding a Rule to a VS with protocol SSL(HTTPS)

Most likely this is because the Virtual Server is set to type HTTPS, which is intended to be used for load-balancing HTTPS traffic without HTTP inspection. The VS expects to run in SSL pass-through mode, where SSL is the internal protocol.

From the user guide (v20.1, p.43) "If the Traffic Manager decrypts SSL-encrypted traffic, references to protocol refer to the protocol of the decrypted traffic. For example, if the Traffic Manager is receiving HTTPS traffic on port 443 and uses SSL decryption to decrypt it, then the protocol in use within the Traffic Manager is HTTP."

So most likely you should configure the virtual server to be "HTTP" and then enable "SSL decryption" on that virtual server, so that incoming HTTPS traffic is decrypted, allowing it to be inspected and managed as HTTP traffic.

Alternatively, if you want to decrypt, inspect, then re-encrypt the traffic, you can also use the "SSL Decrypt a Service" Wizard, to help configure an HTTPS virtual server for encryption of onward traffic.

REPLIES

Community Manager

Re: Adding a Rule to a VS with protocol SSL(HTTPS)

Also note: string.startwith() should be string.startswith()

You can use the "Check Syntax" option when you build a rule in the Catalog.

Complete rule:

$path = http.getpath();
if (string.startswith($path, "/something")) {
    pool.use("Something_Pool");
}

New Contributor

Re: Adding a Rule to a VS with protocol SSL(HTTPS)

That is unfortunate. I don't have ownership of the VS, so I am not sure I will be able to make changes to the protocol. Thanks anyway.

Community Manager

Re: Adding a Rule to a VS with protocol SSL(HTTPS)

The simplest would be for the VS owner to use the "SSL Decrypt a Service" Wizard - which would leave the incoming and forwarded protocols as HTTPS, and allow rules to be applied in vTM.

If you prefer, I can connect you to one of our technical architects, who can look at how the services have been set up, and perhaps recommend other ways for the VS owner to help resolve this problem? Send me a PM if that would be useful.