Chris_Miller
May 01, 2011

Modify HTTP Request to Clone Pool

We've been talking about this a bit internally but I thought I'd see if anyone on DC had any additional thoughts.

Situation - You must send traffic to your pool members over SSL while sending clear-text to your IDS. This is easy enough using the "virtual" command where your clone pool is attached to the first virtual (just client SSL profile) and your default pool is attached to your second virtual (listens on port 80, just has server ssl profile to encrypt traffic to pool).

Challenge - People post login credentials to your site and you don't want your IDS to see them as they'll be in clear-text. You still want to see the POST, but without a certain string of characters. You obviously need the original request to be sent to your default pool though so users are able to log in.

  • That's an interesting challenge.

    Traffic to a Clone Pool is supposed to be an exact copy of what is sent to the Target Servers and an exact copy of the response from the Target Servers back to the client by sending the traffic to two MAC Addresses rather than one.

    I'm not sure that you can change one without affecting the other.

    If you don't get any leads here and open up a case, can you post their response in this thread?
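
The transformation the question asks for, as an added example that is not part of the thread and is not BIG-IP or iRule code: the IDS-bound copy keeps the POST and its other fields while the credential value is masked and Content-Length is corrected. The field names, the `redact_for_ids` helper and the sample request are assumptions made for illustration; how to hand a different payload to the clone pool remains the open question above.

```python
from urllib.parse import unquote_plus

SENSITIVE_FIELDS = {"password", "passwd", "pwd"}  # assumed field names
MASK = "REDACTED"

def redact_for_ids(raw_request: bytes) -> bytes:
    """Return a copy of a raw HTTP request with credential values masked.

    Only form-encoded POST bodies are rewritten; anything else comes back
    unchanged. The caller still forwards the original bytes to the pool.
    """
    head, sep, body = raw_request.partition(b"\r\n\r\n")
    if not sep:
        return raw_request  # header block incomplete, nothing to rewrite
    lines = head.decode("iso-8859-1").split("\r\n")
    ctype = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "content-type":
            ctype = value.strip().lower()
    if not lines[0].upper().startswith("POST ") or \
            not ctype.startswith("application/x-www-form-urlencoded"):
        return raw_request
    pairs = []
    for pair in body.decode("iso-8859-1").split("&"):
        key, eq, value = pair.partition("=")
        # Decode the key so an encoded name such as "pass%77ord" is still caught.
        if eq and unquote_plus(key).lower() in SENSITIVE_FIELDS:
            value = MASK
        pairs.append(key + eq + value)
    new_body = "&".join(pairs).encode("iso-8859-1")
    # Content-Length has to match the masked body, or the IDS mis-frames the stream.
    out = [lines[0]]
    for line in lines[1:]:
        if line.lower().startswith("content-length:"):
            line = "Content-Length: %d" % len(new_body)
        out.append(line)
    return "\r\n".join(out).encode("iso-8859-1") + sep + new_body

# Constructed sample request (not captured traffic).
_BODY = b"username=alice&password=s3cr3t%21&x=1"
SAMPLE = (b"POST /login HTTP/1.1\r\nHost: www.example.com\r\n"
          b"Content-Type: application/x-www-form-urlencoded\r\n"
          b"Content-Length: " + str(len(_BODY)).encode() + b"\r\n\r\n" + _BODY)

if __name__ == "__main__":
    print(redact_for_ids(SAMPLE).decode("iso-8859-1"))
```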