HTTPS to HTTP redirect before SSL Termination
because i am not to experienced with F5 LTM and/or SSL-Communication, i have to ask a question.
Is it possible somehow to redirect incoming SSL request right before SSL termination by using iRules at the F5 LTM?
I asking that question because i do not have a cert for one domain at my side, so that i only deliver http content therefore right now. But certainly i would like to answer incoming request which might be SSL related not only by using a reject.
I looked around the examples but could not find a complete solution. Examples are..."How To Avoid SSL Handshake When No Pool Member Available" or "HTTPS passthrough fallback URL" inside of the iRules section.
Detailed i tried these rules.
>>>
rule GLOBAL_REDIRECT_HTTPS_TO_HTTP_IRULE {
when CLIENT_ACCEPTED {
if {[active_members [LB::server pool]]<1}{
SSL::disable
reject
}
}
}
reject certainly ends the communication directly.
Or
rule GLOBAL_REDIRECT_HTTPS_TO_HTTP_IRULE {
when CLIENT_ACCEPTED {
if {[active_members [LB::server pool]]<1}{
SSL::enable
when HTTP_REQUEST {
HTTP::redirect "http://[getfield [HTTP::host] ":" 1 ][HTTP::uri]"
TCP::close
}
}
client receive the default ssl cert which is not handling the domain where i've try to use the rule
Or
rule GLOBAL_REDIRECT_HTTPS_TO_HTTP_IRULE {
when CLIENT_ACCEPTED {
if {[active_members [LB::server pool]]<1}{
HTTP::redirect "http://[getfield [HTTP::host] ":" 1 ][HTTP::uri]"
TCP::close
}
}
receive an error because HTTP::redirect can not be used at CLIENT_ACCEPTED.
<<<
Hope there is a way and somebody could give me a hint.
Thanks so far.
AMa