Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

TTOM's avatar
TTOM
Icon for Nimbostratus rankNimbostratus
Nov 22, 2021

iRule proxypass with profilessl

hello, we are using proxypass irule to change pool when uri parameter change , so when user is hitting a.b.c.com/start it going to defined pool in datagroup and thats working fine. Now we deploy c...
application delivery
big-ip
irules
proxypass
TTOM's avatar
TTOM
Icon for Nimbostratus rankNimbostratus
Dec 07, 2021

is it now visible ?

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Jan 25, 2022

    yes this works, result is weird indeed.

    if you capture do you then see a port 80 request?

    • TTOM's avatar
      TTOM
      Icon for Nimbostratus rankNimbostratus
      Mar 04, 2022

      hello boneyard, no, there is SSL communication too, now I testing on production but still not working... so now it looks :

      1. Hitting VIP on 443 is ok

      2. Hitting VIP with /uri which should forward traffic to POOL with SSL is NOK(port 4009), I see handshake to VIP and afterwards it correctly communicate to correct POOL on SSL port but response in browser : ERR_EMPTY_RESPONSE

      any ideas ?

      • boneyard's avatar
        boneyard
        Icon for MVP rankMVP
        Mar 06, 2022

        the ERR_EMPTY_RESPONSE is probably the RST on TCP level.

        so the server somehow doesn't like this, do you see anything in the logging there?

    • TTOM's avatar
      TTOM
      Icon for Nimbostratus rankNimbostratus
      Mar 21, 2022

      hello boneyard , regarding requests to backend server, I see now that it sending clear http request....on firts screenshoot you can see that we hitting VIP on 443 afterwards it redirect to backend server on port 4004 and send there http requests but nothing respond because there is SSL. on second screenshot is debugging from proxypass irule, we can see that its looping after "Removed Accept-Encoding header"

      BR