A virtual server which caters to both HTTPS and plain TCP traffic on the same port.
Hi
Need help creating a Virtual Server which caters to both HTTPS and plain TCP traffic on the same port. The HTTPS would have to be directed to a pool say pool_1 and the plain TCP traffic would need to be diverted to another pool say pool_2. Is there a way to achieve this through an iRule or any other method?
I have attempted by creating a Virtual Server with the default configurations to cater the HTTPS traffic (involving clientssl, serverssl, HTTP) and then adding an iRule to identify and route the plain TCP traffic to another pool.
I have tried quite a few conditions on the iRule but just can't seem to get both the traffic working. One works while the other fails.
This is one such example, (only plain tcp traffic works with this)
```tcl
when CLIENT_ACCEPTED {
    HTTP::disable
    SSL::disable
    pool pool_2
}
when CLIENTSSL_HANDSHAKE priority {
    pool pool_1
}
when SERVER_CONNECTED {
    SSL::disable serverside
}
```
Any suggestions on this would be appreciated.
3 Replies
- Sergio000_19532
Nimbostratus
You could try something like in this link:
https://devcentral.f5.com/articles/handling-http-requests-on-an-https-virtual-server-31668
Now HTTPS uses the default pool, and you set something like this for HTTP:
```tcl
when CLIENT_ACCEPTED {
    # No TLS handshake seen yet on this connection
    set https_state 0
}
when CLIENTSSL_HANDSHAKE {
    # Client completed a TLS handshake
    set https_state 1
}
when HTTP_REQUEST {
    if { $https_state == 0 } {
        pool xxxx
    }
}
```
- MuthannaMP_3382
Nimbostratus
Thanks Sergio, but we have tried this and it does not work, because here we are dealing with plain TCP and HTTPS traffic, whereas this article explains how to deal with HTTP and HTTPS traffic.
So the condition 'when HTTP_REQUEST' cannot be applied to plain TCP traffic.
- Stanislas_Piro2
Cumulonimbus
Try this code:
```tcl
when CLIENT_ACCEPTED {
    # Start with client SSL off and buffer the first bytes for inspection
    SSL::disable
    TCP::collect
}
when CLIENT_DATA {
    # Store TCP payload up to 2^14 + 5 bytes (handshake length is up to 2^14)
    set payload [TCP::payload 16389]
    set payloadlen [TCP::payload length]
    # Fields scanned: record type, record version, record length,
    # handshake type, handshake version, session ID length
    if { [binary scan $payload cH4Scx3H4x32c tls_record_content_type tls_version tls_recordlen tls_handshake_action tls_handshake_version tls_handshake_sessidlen] == 6 && \
         ($tls_record_content_type == 22) && \
         ([string match {030[1-3]} $tls_version]) && \
         ($tls_handshake_action == 1) && \
         ($payloadlen == $tls_recordlen+5)} {
        # Handshake record carrying a ClientHello: turn client SSL back on
        SSL::enable
    }
    TCP::release
}
```
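The byte checks that the iRule in the reply above performs with `binary scan`, written as an added Python example (not part of the thread and not F5 code) so they can be run offline against constructed byte strings; the function names are hypothetical. It goes one step further than the iRule by returning `need_more` when only part of the record has arrived.

```python
import struct

TLS_HANDSHAKE = 22    # TLS record content type: handshake
CLIENT_HELLO = 1      # handshake message type: ClientHello
MAX_RECORD = 2 ** 14  # upper bound on record length, as in the iRule comment
MIN_HELLO = 39        # 4-byte handshake header + version + random + session ID length


def classify_first_bytes(payload: bytes) -> str:
    """Return 'tls', 'plain' or 'need_more' for the first bytes of a connection."""
    # Decide 'plain' as soon as a received byte contradicts a TLS handshake record.
    if len(payload) >= 1 and payload[0] != TLS_HANDSHAKE:
        return "plain"
    # Record version must be 0x0301..0x0303 (the iRule's {030[1-3]} match).
    if len(payload) >= 3 and not (payload[1] == 3 and 1 <= payload[2] <= 3):
        return "plain"
    if len(payload) < 6:
        return "need_more"
    _ctype, _version, record_len, hs_type = struct.unpack("!BHHB", payload[:6])
    if hs_type != CLIENT_HELLO or not MIN_HELLO <= record_len <= MAX_RECORD:
        return "plain"
    # The record header promises record_len more bytes; wait until they arrive.
    if len(payload) < 5 + record_len:
        return "need_more"
    return "tls"


def choose_pool(payload: bytes):
    """Map the classification to the pool names used in the question."""
    return {"tls": "pool_1", "plain": "pool_2"}.get(classify_first_bytes(payload))


def sample_client_hello() -> bytes:
    """Constructed minimal ClientHello record (sample data, not a capture)."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", TLS_HANDSHAKE, 0x0301, len(handshake)) + handshake


if __name__ == "__main__":
    hello = sample_client_hello()
    for label, data in [("full hello", hello), ("first 20 bytes", hello[:20]),
                        ("plain text", b"HELO example\r\n")]:
        print(label, classify_first_bytes(data), choose_pool(data))
```

`choose_pool` returns `None` for `need_more`, which corresponds to collecting more data before deciding. The iRule's equality test on payload length would instead leave SSL disabled when a ClientHello arrives split across TCP segments.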