Forum Discussion
Nimbostratusirule for SSL termination and then pass to 2nd VIP
Hi all, first post.... I'm after an iRule please ->
I'd like to accept a https connection ( so the TLS will terminate ) on VIP1 but then get the connection to be passed over to VIP2. I have done a straight ->
when CLIENT_ACCEPTED { virtual VIP2 }
Which worked fine in our L3 networking world but not so good for the applications guys who need the TLS terminate to be done on VIP1 first.
From a networking ( IP to IP) background so need to learn for about Http and application states quickly :)
Thanks in advance.
2 Replies
Leonardo_SouzaCirrocumulus
You need to have a clientssl profile in the first virtual server. Have the iRule to pass the traffic after to the second virtual server. The second virtual server should not have clientssl or serverssl.
For the iRule:
https://devcentral.f5.com/wiki/irules.virtual.ashx
However, why you need 2 virtual servers?
- Simon_Blakely
Employee
CLIENT_ACCEPTED is too early in the connection process to pass off to another virtual - the 3WHS has completed but not the SSL handshake.
CLIENTSSL_HANDSHAKE is too early, too.Try putting the virtual command in the HTTP_REQUEST event.
Again, please explain what you are trying to achieve, as there may be a better way to get the required results.
