For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Austin_Geraci's avatar
Austin_Geraci
Icon for MVP rankMVP
Jan 11, 2010

HTTPS - direct based on URI - not terminating SSL

I need to direct traffic to a particular pool based on uri contents. I'm NOT terminating SSL.     1-Can I do this without terminating SSL     2-do I need the else statment or wil...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Jan 11, 2010
If you want to inspect or modify the HTTP headers or payload (including the URI), you must decrypt the SSL on LTM. If you need to also use SSL between LTM and the servers, you could decrypt on the clientside using a client SSL profile and re-encrypt on the serverside using a server SSL profile.

If you did decrypt the SSL, you'd want to specify a pool for all cases in the rule when you specify a pool for any case. Here is an example where you don't need to explicitly define the VIPs default pool by name: 

 
 when CLIENT_ACCEPTED { 
    set default_pool [LB::server pool] 
 } 
 when HTTP_REQUEST { 
    if {[HTTP::uri] starts_with "/test/" } { 
       pool test1_443 
    } else { 
       pool $default_pool 
    } 
 }

Aaron