Modify HTTP Request to Clone Pool

Question

We've been talking about this a bit internally but I thought I'd see if anyone on DC had any additional thoughts.

Situation - You must send traffic to your pool members over SSL while sending clear-text to your IDS. This is easy enough using the "virtual" command where your clone pool is attached to the first virtual (just client SSL profile) and your default pool is attached to your second virtual (listens on port 80, just has server ssl profile to encrypt traffic to pool.

Challenge - People post login credentials to your site and you don't want your IDS to see them as they'll be in clear-text. You still want to see the POST, but without a certain string of characters. You obviously need the original request to be sent to your default pool though so users are able to login.

michael_yates · Answer

That's an interesting challenge. 
&nbsp;  
&nbsp; Traffic to a Clone Pool is supposed to be an exact copy of what is sent to the Target Servers and an exact copy of the response from the Target Servers back to the client by sending the traffic to two MAC Addresses rather than one. 
&nbsp;  
&nbsp; I'm not sure that you can change one without affecting the other. 
&nbsp;  
&nbsp; If you don't get any leads here and open up a case can you post their response in this thread?

Forum Discussion

Modify HTTP Request to Clone Pool

1 Reply

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

HTTP request cloning

HTTP Request Cloning via iRules, Part 1

Clone Pool Across L3

Clone Pools

iRule to modify a content-security-policy header

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS