Forum Discussion

Bernd_Fritzsche's avatar
Bernd_Fritzsche
Icon for Nimbostratus rankNimbostratus
Apr 03, 2006

HTTPS re-encryption

Hello,

 

 

as an iRules newbie, I need some ideas on how to realize my (weird?) thinking:

 

 

Given:

 

- 2 MS-Exchange systems (both offering OWA and ActiveSync using SSL)

 

- persistence is mandatory

 

 

Wish:

 

- send requests containing "/Microsoft-Server-ActiveSync/*" to nodeA (fallback: nodeB)

 

- send all other (=OWA) requests to nodeB (fallback: nodeA)

 

 

Goal:

 

- share load to both servers

 

 

My idea:

 

- building two pools with identical nodes but different ratio/prio

 

- SSL proxy that terminates SSL on BigIP and a virt.server with a rule like

 

if (http_uri contains "activesync") { use pool ACTSYNC }

 

else { use pool OWA }

 

 

Problem:

 

- so far so good, but now MS-Exchange needs SSL traffic so I have to re-encrypt afterwards.

 

- Any hints on how to achieve that?

 

 

Many thanks in advance for any help!
application delivery
dev
devops
iRules
v4

2 Replies

  • Martin_Machacek's avatar
    Martin_Machacek
    Historic F5 Account
    Apr 03, 2006
    Please refer to the BIG-IP Reference Guide -> SSL Accelerator Proxies -> Creating an SSL Accelerator proxy -> Creating a client-side proxy with SSL-to-Server enabled. It is available online at (4.5.x version):

     

     

    http://tech.f5.com/home/bigip/manuals/bigip4_5_10/bigip4_5_10ref/BIGip_SSLproxy.html1252855

     

     

    BTW, this question has nothing to do with iRules per se and because of that is not appropriate for this forum.
  • Bernd_Fritzsche's avatar
    Bernd_Fritzsche
    Icon for Nimbostratus rankNimbostratus
    Apr 03, 2006
    I apologize - my question wasn't primarily SSL related but rather meant like "Is there some other way (with iRules?) that I can go?".

     

    However, thank you very much!