Forum Discussion

Nimbostratus

Jan 12, 2015

http and https session persistence based on a header value and client ip combination

I am trying to configure BIG IP SLB for session persistence based on value of a non standard HTTP header (lets say "XYZ") and facing a few hitches on my BIG IP site. I want that all client HTTP...

abvaidya_182376

Nimbostratus

Jan 13, 2015

Hi Brad, i searched little more about this and found the below link which says that in case you want to have irule based persistence profile, for HTTPS, you need to have a client SSL profile which will decrypt the request and after persistence by persistence profile, a SSL server profile is required to re encrypt the request before sending to the server.

      https://devcentral.f5.com/questions/error-http_request-event-in-rule-requires-an-associated-http-fasthttp-profile-on-the-virtual-server

A few questions

1) Is there any specific that is required in the client SSL and server SSL profiles for this to work? Like, is any property value required to be same in the two profiles?

2) I don't know much about Universal persistence as referred by you in your last reply. I just happened to use it. Is there any reason that i should use only this persistence? My used case is simply what i explained in my initial questions

Regards Abhishek

Brad_Parker

Cirrus

Jan 13, 2015

You only need a server SSL profile if you want SSL to the backend server. You can just use the default server SSL profile unless you know you need to use any of the other parameters. There is no matching property to set between the two SSL profiles in this case as you are not using proxy mode. In my experience universal persistence is used in special cases like the one you defined(wanting to persist based on a combination of a header value and client IP). Many times source address persistence works well and doesn't require you to SSL offload and can also persist across Pools, Virtual Servers, and services as well. Cookie based persistence also has a lot of perks and that's what we use, but it requires at a minimum the client SSL profile as well. Cookie persistence writes a cookie in the clients browser that is a hash of the backend node's IP. This can also work across pools and virtual servers provided the same nodes are available and you use the same cookie name. I hope this helps a bit. https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_configuration_guide_10_0_0/ltm_persist_profiles.html

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

http and https session persistence based on a header value and client ip combination

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

F5 XC – Persistence and Resiliency pt. I (persistence)

ASP Session ID Persistence

Weblogic JSessionID Persistence for Session Replication

MCP Session Affinity With F5 NGINX Plus

source address persistence maximum session timeout

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS