For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

James_Harris_11's avatar
James_Harris_11
Historic F5 Account
Feb 21, 2007

Need to have HTTP Profile turned on?

Do I need to have an HTTP profile enabled to do an iRule that does something along the lines of:     when HTTP_REQUEST {     if { not (([HTTP::uri] contains "something unique here") and...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Feb 22, 2007
I would guess that you don't have a client SSL profile configured on the virtual server. When you add an HTTP profile to a virtual server, you're instructing BIG-IP to parse the content as HTTP. If the client is making an HTTPS request to the virtual server and you want to inspect/change the HTTP content of the request, you must use a client SSL profile to decrypt the traffic. Else, as you've found BIG-IP will reset the connection.

 

 

Typicaly, you would want to configure the virtual server on port 443 with an client SSL profile to decrypt the traffic. You'd then add a pool of nodes defined on port 80. You could then add an HTTP profile if you want to inspect the HTTP content.

 

 

You can check the configuration guide for your version on AskF5 to get details on configuring a client SSL profile and setting up load balancing.

 

 

Aaron