REddy
Mar 03, 2025

F5 LTM initiates SSL connection on the server-side

We have a virtual server which needs to route traffic to 3 pools based on the incoming URI. One pool has the servers listening on an SSL port and the other 2 are non-SSL. The VIP has both client and server-side SSL profiles applied. We have an iRule on the VIP to disable the server-side SSL for the 2 pools with the non-SSL port. For some reason the F5 is trying to initiate an HTTPS server-side connection, and the server listening on the non-SSL port responds with 400 (which is expected). It's not all the time though; it's pretty sporadic, and we have seen this in the pcaps.

 

    elseif {[HTTP::uri] starts_with "/abc/"} {
        set uri [HTTP::uri]
        #HTTP::uri [string map {"/abc/" "/def/"} $uri]
        #log local0. "[HTTP::uri]"
        # Non-SSL pool: turn off server-side SSL before selecting it
        SSL::disable serverside
        snat none
        pool xyz_pool
    }

 

Thanks!

  • Are you positive that it's not a health monitor that's doing that? Do you have the rest of the configuration of this iRule so we can ensure something else isn't causing an issue in the iRule?

  • Maybe when this happens, the URI in the client's HTTP request starts with /abc instead of /abc/.

    I would verify that the URI being sent has a trailing forward slash.
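
The check suggested in the last reply can be done on the BIG-IP itself. The iRule below is an added example, not the poster's rule and not F5's code: it matches both `/abc` and `/abc/...`, sets the server-side SSL state explicitly in every branch, and logs each decision so the entries can be lined up with the pcaps. `ssl_pool` is a hypothetical name for the pool listening on the SSL port, and treating it as the default branch is an assumption; only `xyz_pool` comes from the thread.

```tcl
when HTTP_REQUEST {
    # Decide on the path only, so a query string cannot change the match.
    set path [HTTP::path]

    switch -glob -- $path {
        "/abc" -
        "/abc/*" {
            # Plain-HTTP pool from the thread. "/abc" without the trailing
            # slash is matched as well, so it cannot fall through to a
            # branch that leaves server-side SSL on.
            SSL::disable serverside
            snat none
            pool xyz_pool
            set decision "pool=xyz_pool serverside_ssl=off"
        }
        default {
            # Assumption: everything else belongs to the pool on the SSL
            # port (ssl_pool is a hypothetical name). The state is set
            # explicitly here instead of being left at whatever it was.
            SSL::enable serverside
            pool ssl_pool
            set decision "pool=ssl_pool serverside_ssl=on"
        }
    }

    # One line per request: client, path, chosen pool, SSL state.
    log local0. "client=[IP::client_addr]:[TCP::client_port] path=$path $decision"
}
```

A request that reaches a non-SSL pool member as HTTPS should then show up in `/var/log/ltm` as either an unexpected path in the `default` branch or not at all, which would point away from the iRule and toward something like the health monitor raised in the first reply.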