Forum Discussion
2funky_105078
Cirrus
Nov 14, 2014
1 VIP / any ports used for both HTTP and HTTPS, possible?
Hello,
We would like to use the same VIPs and DNS names for both encrypted/non-encrypted traffic, with this idea:
• If F5 LTM receives HTTP traffic (on any port), it should not encrypt.
• If ...
nitass
Employee
Nov 16, 2014
There is an option to allow non-SSL traffic on client ssl profile but this option is not there for server ssl profile, so maybe there exists an iRule for this?
what about this?
config
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 172.28.24.10:0
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        http { }
        myclientssl {
            context clientside
        }
        serverssl {
            context serverside
        }
        tcp { }
    }
    rules {
        qux
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-port disabled
    vs-index 14
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool foo
ltm pool foo {
    members {
        200.200.200.101:0 {
            address 200.200.200.101
        }
    }
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm profile client-ssl myclientssl
ltm profile client-ssl myclientssl {
    allow-non-ssl enabled
    app-service none
    cert-key-chain {
        default {
            cert default.crt
            key default.key
        }
    }
    defaults-from clientssl
    inherit-certkeychain true
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux
ltm rule qux {
    when CLIENTSSL_HANDSHAKE {
        set is_ssl 1
    }
    when HTTP_REQUEST {
        if { not([info exists is_ssl]) } {
            SSL::disable serverside
        }
    }
}
test
[root@centos1 ~] curl -I http://172.28.24.10/
HTTP/1.1 200 OK
Date: Mon, 17 Nov 2014 03:59:07 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sun, 09 Feb 2014 08:39:51 GMT
ETag: "41879c-59-2a9c23c0"
Accept-Ranges: bytes
Content-Length: 89
Content-Type: text/html; charset=UTF-8
[root@centos1 ~] curl -Ik https://172.28.24.10/
HTTP/1.1 200 OK
Date: Mon, 17 Nov 2014 03:59:13 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sun, 09 Feb 2014 08:39:51 GMT
ETag: "41879c-59-2a9c23c0"
Accept-Ranges: bytes
Content-Length: 89
Content-Type: text/html; charset=UTF-8
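An added example (not from the thread or from F5): a small Python audit over `tmsh list` output that reports which virtual servers carry a client-ssl profile with `allow-non-ssl enabled`, and whether they listen on any port, as `bar` does above. It assumes one setting per line and no iRule bodies in the input; `strict_vs` and its address are constructed for contrast.

```python
# Sample input: "bar" and "myclientssl" are trimmed from the listing in the
# thread; "strict_vs" and 172.28.24.11 are constructed for contrast.
SAMPLE = """\
ltm virtual bar {
    destination 172.28.24.10:0
    profiles {
        http { }
        myclientssl {
            context clientside
        }
    }
}
ltm virtual strict_vs {
    destination 172.28.24.11:443
    profiles {
        clientssl { }
    }
}
ltm profile client-ssl myclientssl {
    allow-non-ssl enabled
}
"""

def parse_tmsh(text):
    """Parse one-setting-per-line tmsh 'list' output into nested dicts."""
    root = {}
    stack = [root]
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line == "}":                      # closes the current block
            if len(stack) > 1:
                stack.pop()
        elif line.endswith("{ }"):           # empty block, e.g. "http { }"
            stack[-1][line[:-3].strip()] = {}
        elif line.endswith("{"):             # opens a nested block
            child = stack[-1][line[:-1].strip()] = {}
            stack.append(child)
        else:                                # "key value" or a bare name
            key, _, value = line.partition(" ")
            stack[-1][key] = value or True
    return root

def mixed_listeners(cfg):
    """Virtual servers whose client-ssl profile also accepts cleartext."""
    lenient = {k.split()[-1] for k, v in cfg.items()
               if k.startswith("ltm profile client-ssl ") and v.get("allow-non-ssl") == "enabled"}
    return [{"virtual": k.split()[-1], "destination": v.get("destination"),
             "profile": p, "any_port": str(v.get("destination", "")).endswith(":0")}
            for k, v in cfg.items() if k.startswith("ltm virtual ")
            for p in v.get("profiles", {}) if p in lenient]
```

Each finding is a listener where cleartext HTTP is accepted alongside TLS, so it is worth confirming that this is intended for every port the virtual server covers.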