Need Assistance with SSL Websockets

Question

I have two VIPS.  One VIP has port 80 and the same VIP also is configured for port 443.  Behind these VIPS are severs that run websockets.  I created an irule for the http that works but for the 443 it does not.  Suggestions?&nbsp;
irule applied to the http VIP&nbsp;
when HTTP_REQUEST { 
if { ([HTTP::uri] starts_with "/socket.io") } {
HTTP::disable
} 
}&nbsp;

jpv_131616 · Answer

did you enable http profile on 443 vip also?&nbsp;
if not it acts like a passthrough and the irule won't work...&nbsp;
thx&nbsp;

ron_130795 · Answer

Thanks JPV.  I do have 'http' enable on the http profile for the 443 VIP.

eric_st__john · Answer

Along with the http profile(which I assume you have configured based on the HTTP::disable command), you will be required to configure a clientssl and serverssl profile.  As the traffic passing through the BIG-IP is encrypted without those, you will not see the URI.&nbsp;
If you are running v11.4.0 or higher, you should not have to disable the http profile as the BIG-IP code should account for WebSocket traffic and disable it automatically.&nbsp;
SOL14754&nbsp;
Eric&nbsp;

ron_130795 · Answer

I have a clientssl, however can I use the default serverssl?&nbsp;

eric_st__john · Answer

You should be able to use the default serverssl, or serverssl-insecure-compatible.&nbsp;
Eric&nbsp;

Forum Discussion

Need Assistance with SSL Websockets

5 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

2026 301a exam

UCS Encryption Question

Unblock Request WAF

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

VIP in https that redirect to another vip in https

Related Content

Introducing the F5 AI Assistant for BIG-IP

Load Balancing WebSockets

enable WebSocket profile.

Re: Welcome to the F5 BIG-IP Migration Assistant

Introducing AI Assistant for F5 Distributed Cloud, F5 NGINX One and BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS