For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Benoit_C_'s avatar
Benoit_C_
Jan 14, 2019

How to send traffic to a pool with pool members expecting HTTPS from another VS

Hello,   I have this LTM configuration: a 'standard' virtual server VS1 configured with client and server SSL profiles, and behind a pool P1 with members listening on / expecting requests to be ma...
application delivery
iRules
LTM
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Jan 15, 2019

Hi Benoit C.,

to access mixed HTTP and HTTPS pools through a unified Virtual Server you have to assign a Server-SSL-Profile to begin with, and then selectively disable the Server-Side-SSL negotiation for any plaintext pool you are going to access... 

when HTTP_REQUEST {
    switch -exact -- [HTTP::host] {
        "www.plaintext.com" {
            pool my_plaintext_pool_http80
            set disable_server_ssl 1
        } 
        "www.encrypted.com" {
            pool my_secure_pool_https443
            set disable_server_ssl 0
        } 
        default {
            HTTP::respond 502 content "Access Denied" "Content-Type" "text/text" "Connection" "close"
        }
    }
}
when SERVER_CONNECTED {
    if { $disable_server_ssl } then {
        SSL::disable serverside
    }   
}

Cheers, Kai