Forum Discussion

Cirrus

Dec 26, 2022

HTTPS passthrough for a single domain name

Hi Everyone, I have 1x HTTPS virtual server hosting multiple applications/ domain names (e.g. X.com, Y.com, Z.com, etc.) it is configured with SSL Bridging mode (both VS and pool members are 443). ...

MVP

Dec 27, 2022

Hello,

Unfortunately, I didn't test this scenario before, but you can check the LTM policies that might meet your requirement.

You can create a rule that checks the host in the HTTP request, and the action could be disabling the client and server SSL profiles as the below one. But I think you should take into consideration the profiles used by that virtual server.

Thanks,

PSFletchTheTek
Cumulonimbus
Dec 28, 2022
I'd love to know if you got that working.
I know the server side config works as i use it myself.
I'm just not to sure where in the stack the client ssl side kicks in, it might be at a point to late to try to stop it doing the tls offload.
Sarah
Cirrus
Dec 28, 2022
Thank You Mohammed for your response.
I am looking for a way to check the domain name before processing the clientssl since the application requires client certificate for authentication. Therefore, I am not sure if the proposed solution will achieve the desired when HTTP Host is used in condition?
I found this article SNI Routing with BIG-IP explaining what I was trying to achieve, However, I have not tested it yet.
Thank you again,
- Mohamed_Salah_
  MVP
  Dec 29, 2022
  Hello,
  I think yes, you can use the host condition in the LTM policy to disable the server SSL, because F5 will check the host header after establishing the SSL connection with the client already.