Forum Discussion

dd007_132137's avatar
dd007_132137
Icon for Nimbostratus rankNimbostratus
Sep 17, 2013

F5 requires certificates for other URI paths

Hi,   We have our virtual server almost ready to be tested by our teams' consumers but we are running into this issue lately.   In Local Traffic ›› Profiles : Protocol : HTTP Class ›› ddTes...
deployment
management
security
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Sep 17, 2013

Can I assume that your cURL script is external to the F5 and it's hitting the one VIP (https://collector.api.devabcdcentral.com) with different URIs? As others have stated, SSL happens BEFORE HTTP, so there's really no way to enable/disable client side SSL based on the HTTP request URI. There are a few options though:

 

  1. Move your health check to the F5 with an external monitor. The F5 can issue the health checks and report its findings, and/or control the availability of pool members.

     

  2. Create TWO VIPS: one for HTTP and one for HTTPS, and a set of iRules that filters on the HTTP requests. Only allow requests to /collector/health on the HTTP VIP and redirect everything else to the HTTPS VIP.