Forum Discussion

AlexS_yb's avatar
AlexS_yb
Icon for Cirrocumulus rankCirrocumulus
Aug 08, 2021

have ssl and non ssl pools (or pool members) for a VS

Hi

 

So I am migrating a nginx config over to F5. Some upstream end points are SSL and some are not.

 

So on my VS profile I have configured ssl (server), so by default all of my pool connections are SSL,

so default pool is ssl, no I add a irule to pull out specific uri and I want to send them to a different pool.

 

got the irule work and got the pool command working, but how do I tell it to no use ssl for this connection to this pool

 

 

devops
iRules
LTM
Security
  • Mayur_Sutare's avatar
    Mayur_Sutare
    Aug 09, 2021

    You can use LTM policy or iRule to disable server SSL profile based on matching specific condition e.g. hostname. I would recommend you to use LTM policy for achieving this. While creating the LTM policy, you can match condition for the incoming request like hostname/URL/URI for which you want to disable server SSL and set disable server ssl action for it. After applying this LTM policy on the desired vServer, your requirement should be fulfilled.

     

    Hope it helps!

  • Mayur_Sutare's avatar
    Mayur_Sutare
    Icon for MVP rankMVP
    Aug 09, 2021

    You can use LTM policy or iRule to disable server SSL profile based on matching specific condition e.g. hostname. I would recommend you to use LTM policy for achieving this. While creating the LTM policy, you can match condition for the incoming request like hostname/URL/URI for which you want to disable server SSL and set disable server ssl action for it. After applying this LTM policy on the desired vServer, your requirement should be fulfilled.

     

    Hope it helps!

    • AlexS_yb's avatar
      AlexS_yb
      Icon for Cirrocumulus rankCirrocumulus
      Aug 09, 2021

      Okay why ltm over irule

       

      also so setting in policy is only for that request, interesting.

      thanks

  • Mayur_Sutare's avatar
    Mayur_Sutare
    Icon for MVP rankMVP
    Aug 09, 2021

     ,

     

    When it comes to comparing LTM policy with iRule, LTM policies are much faster when it comes to executing the traffic conditions.

    • AlexS_yb's avatar
      AlexS_yb
      Icon for Cirrocumulus rankCirrocumulus
      Aug 09, 2021

      Good to know.

       

      So side question currently I have a irule for the http to https. should i be doing that in profile - is there one ?

  • AlexS_yb's avatar
    AlexS_yb
    Icon for Cirrocumulus rankCirrocumulus
    Aug 09, 2021

    Last add on question for this - how do I manage policies in BIG-IQ. i removed the irule for http to https and created the equivalent policy.

     

    I can re import my F5 instance into BIG-IQ -but can't find any place to edit / modify / create policies :(

     

  • AlexS_yb's avatar
    AlexS_yb
    Icon for Cirrocumulus rankCirrocumulus
    Aug 28, 2021

    Seem to be having some issue with doing this with websockets. the backend is non ssl . how to capture a websocket connection to turn the backend into non ssl