Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Peter_chan's avatar
Peter_chan
Icon for Nimbostratus rankNimbostratus
Mar 01, 2018

How to bypass the similar domain in SSL Orchestrator

How to configure the SSL Orchestrator to bypass the same domain like "login.skype.com", "api.asm.skype.com". I have try to configured the ".*skype.com" and "*.skype.com" but no use.  
irules
security
ssl forward proxy
Piotrek_72347's avatar
Piotrek_72347
Icon for Nimbostratus rankNimbostratus
Mar 05, 2018

please go to:

 

SSL Orchestrator>Configuration and Polices.

 

next editing your policy go to > Destination setting and for > Address Destination.

 

choose DBB - For DDB (Dynamic Domain Bypass), the Destination you configure contains one or more DNS domain names (unique or wildcard) against which the destination hostname indicated by the client in TLS SNI is matched. This mode is special because it classifies traffic before the SSL Orchestrator implementation attempts any TLS handshake with the remote server (that is, in Match Phase Pre-handshake). You may use DDB to whitelist and bypass traffic to servers which cause TLS handshake problems or that require TLS mutual (client-certificate/smart- card) authentication. For DDB, the Service Chain value you select must be Bypass or Reject.