Re: SSL offload and trafficscript

mgyles · 10-20-2011

Hi Joe,

Thanks for joining us on the Riverbed Community Forum. One option you might wish to consider is using TrafficScript to check if the URL being requested is SSL. Within the Traffic Manager there is a SSL.isSSL() function which will be true if it is secure. The logic would be thus:

If request is secure then {

If request is for common resource then {

Allow

} else if request is for booking then {

Allow

} else {

redirect to http

}

The TrafficScript would be something like:

if ( ssl.isSSL() ) {

$path = http.getPath();

$host = http.getHeader("Host");

if ( (! string.startswith($path, "/resources") ) &&

(! string.startswith($path, "/book") ) {

http.changesite("http://" . $host );

}

Do let us know how you get on with this issue. Kudos goes to Mark Boddington, Systems Engineer, Stingray product family for assisting with the TrafficScript rule.

Thanks,

joe-90 · 11-07-2011

Hi all,

I'm running 6.0r7 (I know, I'm going to upgrade soon) and I have a slightly tricky SSL issue.

I'm doing SSL offload in the LBs and to minimise CPU time, I really want to only serve up the required 2 pages over SSL.

The problem is that whilst the pages themselves have recognisable URLs (i.e. if string.contains($path, "/book")) other assets on the page (like images) are common across SSL and non-SSL.

In other words, I want to check the URL of the initial request, then permit serving up all content via SSL. Once the transaction is finished, I need to force the user back to non-SSL.

I've thought about setting a cookie, if the url is /book, but then how can I determine when they leave SSL?

Any ideas?

-- joe.

Answers

Re: SSL offload and trafficscript

SSL offload and trafficscript