Forum Discussion

Cirrocumulus

Feb 07, 2018

iRule Choose pool base on SNI and disable ssl base on SNI

Hi We have the need to select pool via irule but we don't want to decrypt all HTTPS traffic. Can we do this? (This is outbound traffic) We have list of URL in iRule Datagroup ...

Ret. Employee

Feb 07, 2018

hmm, interesting. If you do no want offload ssl on server side than you need somehow to re-initiate ssl handshake between a client and back-end server, since ssl handshake is already finished with big-ip when iRule checks for URL

SSL forward proxy bypass looks reasonable. big-ip should bypass ssl, based on host name in the server cert If ssl forward proxy is enabled then ssl handshake on the client side will not finish until big-ip receives certificate from the back-end server.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

iRule Choose pool base on SNI and disable ssl base on SNI

Recent Discussions

Problem with lets encrypt and redirect after update

Should config via cli rather than gui?

Is a Dedicated Interface, VLAN, and Self IP Required for a VIP in an F5 Configuration?

question about getting hsl data to be formatted properly in splunk

iRule for client certificate verification and inserting CN

Related Content

Disabling Ciphers

Temporarily Disable SNMP Traps

disable irule process for the request not for the whole tcp connection

iRULE regsub error

owa iapp assign irule

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS