Forum Discussion

Nimbostratus

Jun 01, 2009

iRule SSL passthrough

Hi I would like incoming SSL connection to terminate on the webserver, instead of the LTM. I have the below irule: when HTTP_REQUEST { SSL::disabl...

Cirrostratus

Jun 15, 2009

Hi Jan,

If you want to pass the SSL through, then you can configure a standard TCP virtual server without an HTTP profile. Typically, the virtual server and the pool member(s) should be configured on port 443.

If you want to decrypt the SSL, you need to import the cert and key, create a custom client SSL profile and add it to a standard TCP virtual server. Typically, the virtual server should be configured on port 443 and the pool member(s) should be configured on port 80.

If you try one of these options and it doesn't work, try posting your virtual server and profile configuration using 'b virtual VIRTUAL_NAME list' and 'b profile clientssl CLIENTSSL_PROFILE_NAME list'.

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

iRule SSL passthrough

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

Cannot ping external interface

Dump all host running services during APM logon

NGINX event logs send to F5 Data Collection Device and analysis from BIG-IQ it possible or not?

Failed to execute iptable cmd: ," CMD="iptables -A SSH_ALLOW_RULES error

HA Failover between two Datacenters

Related Content

Passthrough IPSec with AFM

HTTPS passthrough fallback URL

SSL Orchestrator Service Extensions: DoH Guardian

wccp configuration for SSL Orchestrator

Announcing F5 NGINX Gateway Fabric 1.4.0 with IPv6 and TLS Passthrough

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS