How SSL client connections diverted to the servers as HTTP (clear text) or HTTPS (SSL) according to the URI

Question

Hi&nbsp;
I know two basic modes for dealing HTTPS/SSL incoming client connections:&nbsp;

BIG-IP ends the SSL connection and send requests to the targer servers in "clear text" (HTTP).&nbsp;

BIG-IP is configured as passthrough. BIG-IP does not decrypt the SSL connection and SSL stream reach the target server. Target server has to encrypt/decrypt the SSL connnection stream.  &nbsp;

Is there any way (I mean an iRule) to select mode 1 or mode 2 according to the URI?&nbsp;
I guess there is no one -- unless BIG-IP ends client-side SSL and create a server-side SSL connection BUT then that will not be a genuine passtrough mode.  &nbsp;
Thanx in advance  &nbsp;

nathe · Answer

Damián,&nbsp;
As SSL transactions happens prior to HTTP then I would guess not.&nbsp;
In regards point 2 there is a (relatively) new feature called Proxy SSL which doesn't terminate traffic on the LTM, so is passthrough, but does then have visibility of the encryption key so it can inspect the traffic too i.e. where you might need to offload traffic to ASM.&nbsp;
Rgds&nbsp;
N&nbsp;

Forum Discussion

How SSL client connections diverted to the servers as HTTP (clear text) or HTTPS (SSL) according to the URI

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

2026 301a exam

F5OS login with admin/root failed via console

UCS Encryption Question

Unblock Request WAF

Related Content

Divert Unencrypted Traffic through an IPS with Local Traffic Manager

Site-to-Site Connectivity in F5 Distributed Cloud Network Connect – Reference Architecture

F5 Distributed Cloud Kubernetes Integration: Securing Services with Direct Pod Connectivity

AWS Transit Gateway Connect: GRE + BGP = ?

Divert external rest api traffic to a node

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS