Forum Discussion
BIG-IP : disable SSL on request
F5 BIG-IP Virtual Edition v11.4.1 (Build 635.0) LTM on ESXi
Within an iRule, I know how to enable/disable SSL on a request to be routed :
pool pool-01
SSL::disable serverside
return
However, is it possible to accomplish same via a profile ?
- Kevin_Stewart
Employee
Not in a profile, but definitely in an LTM policy. In the general properties of a policy, select whatever data point you need in the Requires section, and forwarding (for the pool) and server-ssl (to disable server side SSL) in the Controls section. Then build your rules accordingly.
Stanislas_Piro2Cumulonimbus
As Kevin first suggested, Local traffic policies allow to replace most of irules. there is a bug in the 11.4 version, but is corrected in 11.5.
You can start with the following workaround allowing to use Policies with a small irule doing which is impossible in policy. (iRule HTTP_REQUEST event occurs after Policy Request event)
There is a workaround allowing to use Local traffic policies to disable SSL server side: create the rule action
named ssldisable with value 1tcl variableadd the following irule and assign it to the VS:
when HTTP_REQUEST { if {([info exists "ssldisable"]) && $ssldisable } { SSL::disable serverside } }When you will upgrade to 11.5, you only have to replace the
action byset variableserver-ssl disable
