F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Pael_74584's avatar
Pael_74584
Icon for Nimbostratus rankNimbostratus
Oct 08, 2009

HTTPS VS with HTTPS Members

Hi,     The usual configuration in our environment is that the VS is in HTTPS with an SSL profile for the certificate, then the members will simply be in HTTP.     However, we ha...
config
design
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Oct 09, 2009
Hi Rafael,

 

 

If you want to passthrough the HTTPS just configure a VIP without a client or server SSL profile. You could probably use a Performance Layer4 VIP with a FastL4 profile. Optionally, if you want to send an HTTP response back to the client if the pool is down, you could add a client SSL profile and use an iRule like this:

 

 

HTTPS passthrough with a Fallback URL

 

http://devcentral.f5.com/wiki/default.aspx/iRules/HTTPS_passthrough_fallback_URL.html

 

 

If you want to decrypt the client side SSL but re-encrypt the server side connection, you can add both a client and server SSL profile to the virtual server. This allows you to inspect and modify the HTTP but still keep all communication over the wire encrypted.

 

 

Aaron