For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

MDPF52_180608's avatar
MDPF52_180608
Icon for Nimbostratus rankNimbostratus
Sep 09, 2015

BIG IP SSL Serverside

Hello DevCentral,

Is it possible to select the profile & enable the SSL::serverside in the iRule? In order to remove the SSL Serverside profile in the Virtual server configuration.

when HTTP_REQUEST {

SSL::disable serverside (I want to remove the SSL Profile on the VS in order to remove this line)



switch -glob [HTTP::uri] {

      "/xxx1*" { 
                  SSL::enable serverside
                  ASM::disable
                  pool xxx1
                  log local0. "Pool Selected: xxx1"
       }

      "/xx2*" { 
                  SSL::enable serverside
                  ASM::disable
                  pool xxx2
                  log local0. "Pool Selected: xxx2"
       }
   }
}
application delivery
BIG-IP Access Policy Manager (APM)
LTM
security

2 Replies

  • Michael_Jenkins's avatar
    Michael_Jenkins
    Icon for Cirrostratus rankCirrostratus
    Sep 09, 2015

    the SSL::profile command may help you out. Haven't used it myself, but looks like you can renegotiate the certificate on the serverside.

    Note that you're virtual server will need an SSL profile on it to begin with I believe, but you could disable and enable as necessary (

    SSL::disable
    /
    SSL::enable
    ).

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Sep 10, 2015

    Correct. You need an SSL profile applied to the VIP before you can use SSL::enable/disable. You can always do something like this:

    when CLIENT_ACCEPTED {
    SSL::disable serverside
}
when HTTP_REQUEST {
    if { some condition } {
        SSL::enable serverside
    }
}