Forum Discussion
gh0std0g_79292
Jul 11, 2012Nimbostratus
help troublshooting or reconfiguring an irule
Currently the CAS server is doing the redirect, terminating
the SSL, and providing the OWA logon page… The F5 was set up for ‘Performance
L4’ and load balancing.
I was attempting to integ...
nitass
Jul 11, 2012Employee
Will I have to install the cert/key pair on F5 as well?yes, you should import certificate and key from server to bigip and set it in clientssl profile. you are able to use default clientssl profile but user will get certificate warning page when accessing https virtual server.
And if so, I assume I can use the default server profile 'server-sslinsecure-compatible'?yes, you can use default serverssl-insecure-compatible on server-side i.e. custom clientssl profile on client-side and default serverssl-insecure-compatible on server-side.
And that will not interfere with my enterprise vault pool listening on port 80.not really sure if i understand correctly. anyway, i understand there are 2 pools; exchange pool is listening on port 80 and 443 and enterprisevault is on port 80. you have 2 virtual servers but same virtual address; one is on port 80 and the other one is on port 443, and you want to direct traffic to pool based on url.
so, i think configuration may look like this.
[root@ve10:Active] config b virtual bar80 list
virtual bar80 {
destination 172.28.19.79:80
ip protocol 6
rules myrule80
profiles {
http {}
tcp {}
}
}
[root@ve10:Active] config b rule myrule80 list
rule myrule80 {
when HTTP_REQUEST {
if { [string tolower [HTTP::uri]] contains "enterprisevault" }{
HTTP::redirect "https://[HTTP::host]/enterprisevault"
} elseif { [HTTP::uri] equals "/" }{
HTTP::redirect "https://[HTTP::host]/owa"
}
}
}
[root@ve10:Active] config b virtual bar443 list
virtual bar443 {
snat automap
destination 172.28.19.79:443
ip protocol 6
rules myrule443
profiles {
clientssl {
clientside
}
http {}
serverssl {
serverside
}
tcp {}
}
}
[root@ve10:Active] config b rule myrule443 list
rule myrule443 {
when HTTP_REQUEST {
if { [string tolower [HTTP::uri]] equals "/enterprisevault" } {
SSL::disable serverside
pool foo80
} else {
pool foo443
}
}
}
[root@ve10:Active] config b pool foo80 list
pool foo80 {
members 200.200.200.101:80 {}
}
[root@ve10:Active] config b pool foo443 list
pool foo443 {
members 200.200.200.101:443 {}
}
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects