Forum Discussion
TJ_Vreugdenhil
Mar 14, 2012Cirrus
LB HTTPS Reverse Proxy
It it possible to use the existing HTTP server addresses below:
http://www.domain.com/online/index.cfm?template=text
http://www.domain.com/online/index.cfm?template=receive_alerts
http://www.domain.com/privacy/index.cfm?template=learn_about
and have the client use HTTPS addresses to point to the F5?
https://www.domain.com/online/index.cfm?template=text https://www.domain.com/online/index.cfm?template=receive_alerts https://www.domain.com/privacy/index.cfm?template=learn_about
Hoping this would terminate SSL on the LB 10.2.x and directing traffic to the server on HTTP for only these URL's above. Leaving the server configuration untouched.
Is this possible?
Would I need a clientSSL profile (certificate & key)?
What kind of certificate would I need?
Does my iRule look ok?
config b class template_dg list
class template_dg {
{
"learn_about"
"receive_alerts"
"text"
}
}
config b rule myrule list
rule myrule {
when HTTP_REQUEST {
if {[class match -- [URI::query "? [HTTP::query]" template] equals template_dg]}{
HTTP::redirect https://["host"][URI::query]
}
}
}
Much Thanks!
- hooleylistCirrostratusThat looks about right. This assumes that the client isn't making POST requests to the URIs with the template parameter. If they were, they'd get redirected and make a GET request to the HTTPS URI from the redirect.
when HTTP_REQUEST { if {[class match -- [URI::query [HTTP::uri] template] equals template_dg]}{ HTTP::redirect "https://[HTTP::host][HTTP::uri]" } }
- hooleylistCirrostratusSorry I missed a couple of your questions:
- Thanks so much Aaron. This just got a little more complicated.
- koenning_107182NimbostratusHi,
https://devcentral.f5.com/wiki/iRules.ssl__disable.ashxSSL::disable [clientside | serverside]
- Our infrastructure masks several redundant LTM's. So using the existing number of HTTPS VIPS we have for this domain, would yes, avoid new IPs, new certs, etc.
- nitassEmployeeshouldn't SSL::disable serverside be in HTTPS' irule (rather than in HTTP's irule)?
- @Nitass - the iRule will be applied to an HTTPS VIP
- @Nitass - the iRule will be applied to an HTTPS VIP
- nitassEmployee@Nitass - the iRule will be applied to an HTTPS VIP
- ahhh. I missed that - thank you!
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects