Forum Discussion

Nimbostratus

Sep 01, 2015

iRule - SSL Forward proxy bypass, some sites won't work.

I have a F5 BIG-IP working as a forward ssl proxy, but some sites just won't work. Thats why I have developed a iRule to have a bypass list based on IP addresses. Traffic-flow is like this. Cli...

application delivery

availability

BIG-IP Access Policy Manager (APM)

Employee

Sep 08, 2015

So what is the rest of the iRule doing? You may have luck with the SSL Intercept iApp, which is basically doing the same thing you're describing and can support your configuration.

So does the forward proxy source address bypass option work? You just have to create an address-based data group with each IP (as address - no value needed) that you want to bypass.

That site in particular supports TLSv1 with TLS_RSA_WITH_AES_256_CBC_SHA so any BIG-IP version (11.4 - 12.0) should be able to work. Do you know why your config isn't working for this site? have you done an ssldump capture on the server side of the proxy to see what's going on?

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)