Forum Discussion
Asif_Iqbal_2148
Nimbostratus
NimbostratusHow to allow both HTTP and HTTPS traffic from a single VIP?
Hi all,
We have a VIP setup for SSL bridging i.e. client-->443-->F5-->443-->backend servers and we want to allow both http and https traffic through the same VIP. Also, I am new to F5 so any hel...
Brad_Parker
Cirrus
CirrusHere is an example iRule that will disable your SSL profile for traffic received on port 80 and allow HTTP all the way through on that port. Since you are using SSL bridging you will leave your clientSSL, serverSSL, and http profiles attached to the VIP and set you VIP to use * for the port. AND, please don't just throw this into production without testing it :-).
when RULE_INIT {
Requests to ports not defined in either the https or http ports list will be reset
Define virtual server ports that should have SSL enabled
set static::vip_https_port 443
Define virtual server ports that should be answered with HTTP
set static::vip_http_port 80
}
when CLIENT_ACCEPTED {
if { [TCP::local_port] == $static::vip_https_port] }{
Request was to an HTTPS port, so do nothing for the clientside connection.
The defined client and/or server SSL profiles will be applied as normal
if {[PROFILE::exists clientssl] == 0}{
reject
}
}
elseif { [TCP::local_port] == $static::vip_http_port }{
Request was to an HTTP port, not an HTTPS port, so disable client SSL profile if one is enabled on the VIP
Check to see if there is a client SSL profile and if so, disable it
if { [PROFILE::exists clientssl] == 1} {
SSL::disable clientside
}
Check to see if there is a server SSL profile and if so, disable it
if { [PROFILE::exists serverssl] ==1} {
SSL::disable serverside
}
}
else {
Request wasn't to a defined port, so reset the TCP connection.
reject
}
}
