For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Slava_85677's avatar
Slava_85677
Icon for Nimbostratus rankNimbostratus
Oct 13, 2015

Authentication and authorization: how to force an iRule to connect to a server on Internet via HTTPS?

Let's say I have a server on Internet (let's call it CRED), which receives a request, checks if access is allowed and responses with some data (allow access or reject).   I have an LTM with a lots...
application delivery
deployment
design
devops
iRules
LTM
security
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Oct 13, 2015

The only way to make an SSL connection through a sideband call is to point your sideband call at a local VIP that applies server side SSL. So

 

  • A user makes a request to my web app via LTM
  • A request comes on LTM and hit an iRule
  • The iRule establishes a non-SSL connection to a local VIP that load balances to CRED on Internet and applies a server SSL profile to do HTTPS to CRED, on port 443.
  • After connection is established, the iRule makes a request like "GET /mypage/myindex2.html HTTP/1.0\r\n\r\n"
  • The iRule receives data and closes the connection to CRED
  • The iRule makes a decision if a user is allowed to see requested url.
  • The user gets requested data or his session is rejected/forwarded to another page.