http profile wont work with no SSL offloading configrued ?

I'm not clear what the situation here is, but I assume that you're referring to SSL enabled web servers behind the BigIP and you're not offloading - instead, you're passing through to the back end.

 

 

If this is the case, your issue is because the HTTP profile expects to be able to see the layer 7 protocol information (i.e. HTTP). If you're not terminating SSL the system can't see this traffic because it's encrypted.

 

 

-Matt

ok.,

 

 

is there any way to apply an irule on a VIP were no SSL offloading is configured. I jsut want to apply a Irule like

 

this

 

 

when HTTP_REQUEST {

 

if { (not ([matchclass [IP::client_addr] equals [$::internal-ips]]) } {

 

discard

 

}

 

}

 

 

just lock down based on IP

 

 

Yep, for Layer 4 stuff you'll be fine. Have a look at this:

 

http://devcentral.f5.com/wiki/default.aspx/iRules/AccessControlBasedOnIP.html for a basic example

 

 

or this:

 

http://devcentral.f5.com/wiki/default.aspx/iRules/AccessControlBasedOnNetworkOrHost.html for a more complete example.

 

 

-Matt

thanks,

 

 

that worked great,