Forum Discussion
Hi Siraj,
if you're by any means not allowed to inspect the SSL connection because of legal issues, then you could just check the pool availability once during CLIENT_ACCEPTED event and then forward the request to an alternate pool (hosting the error page) or even to another VS in a VIP-targeting-VIP configuration to serve the error page on your F5 (see iRules below)
Note: If using a VIP-targeting-VIP confguration, then make sure the targeting VIP has a Client-SSL-Profile attached using the SSL-Certificate of the original destination Site. In this case you would inspect the request destined to your banking site only in the case the original site is offline. And don't forget to apply a HTTP profile to the targeting VIP to be able to trigger the ErrorPage iRule... 😉
iRule on existing VS
when CLIENT_ACCEPTED {
if { [active_members [LB::server pool]] < 1} {
virtual VS_ERROR_PAGE
}
}
iRule on VS_ERROR_PAGE
when HTTP_REQUEST {
switch [string tolower [HTTP::uri]] {
"/logo.png" {
HTTP::respond 200 content [ifile get logo] "Content-Type" "image/png"
}
"/background-pattern.png" {
HTTP::respond 200 content [ifile get background-pattern] "Content-Type" "image/png"
}
default {
HTTP::respond 503 content [ifile get Maintenance] "Content-Type" "text/html"
}
}
}
Cheers, Kai