irule with ProxySSL feature enabled is not worling

Question

Hi,
I understand that all SSL events are disabled when ProxySSL feature is enable in ssl profiles (client and server).
Other question is, is it possible to make irule to send to different pools based on user agent? I tried to log user agent into HTTP_REQUEST event and I can obviously see it. When I try to send to pool If user agent match e condition it seems it does not work, is it correct?
Someone know if it is possible to redirect traffic to diffente pools based on user agent (or something else) when using ProxySSL feature?
What kind of event and irules can I use when ProxySSL enabled? So, what can I do when this feature is enabled?
Thanks a lot
Elena&nbsp;

arnaud_lemaire · Answer

Hello Elena,
it doesn't surprise me, proxySSL is transparent to the SSL session establishment between client and back end server. The SSL connection is negociated directly by endpoints, and the bigip just come into play after that. This means that when you arrive at the l7 proxy for HTTP, you already have established opend ssl session between client and backend. We may eventually find a way  to switch to another server with exactly the same SSL keys/cert but that would be a requierement i guess. &nbsp;

Forum Discussion

irule with ProxySSL feature enabled is not worling

1 Reply

Bram - January 2026 Featured Member

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Profile ssl server using pass phrase

error code 503 redirect irule

AST Configuration Assistance

F5OS VLAN naming length restrictions

Curl 7.10.5 < 8.12.0 Integer Overflow (CVE-2025-0725)

Related Content

Aswin MK - November 2025 Featured Member

Bram - January 2026 Featured Member

Kostas Injeyan - October 2025 Featured Member

F5 NGINX One Console June Features

APM-Specific Features for Securing Your Website

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS