Forum Discussion

Nimbostratus

Jul 28, 2020

Help with iRule to enable SSL profile based on XFF Header

Hi all We have some apps on our F5s that will need to go behind the Silverline WAF (can't use ASM so this is our only option). Currently on the F5s we have an iRule which selects a particular clie...

Employee

Aug 03, 2020

You need to use SSL::renegotiate

As you say, you need to examine the X-Forwarded-For header, but that does not arrive until after TLS negotiation.

So you establish un-authenticated TLS, and then examine the XFF header, select the new TLS settings, and SSL::renegotiate

However, the actual endpoint from the client perspective will be Silverline, who will be terminating TLS. I don't really see how you can make this work in this context.

Forum Discussion

Help with iRule to enable SSL profile based on XFF Header

Recent Discussions

BWC iRule

GTM Packet Capture command

Citrix XenServer Big-IP Upgrade help

BIG-IP DNS iRule issue with static variable

F5 ASM logging profile to specify source IP

Related Content

captcha not show after enable header security

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

Re: F5 XC Distributed Cloud HTTP Header manipulations and matching of the client ip/user HTTP header

SSL Profiles

Security headers