Forum Discussion
wtwagon_99154
Nimbostratus
NimbostratusQuestion about applying HTTP_REQUEST to HTTPS
Pretty new to iRules -- wanted to see if I could get some assistance.
I'm trying to make a rule as follows:
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "2." } {
pool int36.443
}
elseif { [HTTP::uri] starts_with "3." } {
pool int79.443
}
}
When I apply this to the HTTPS VIP, it does not work. However, if i change it to 80 and apply it to our HTTP VIP, it works just fine.
Do I have to host the wildcard certificate as a server side certificate to get this to work?
We host the wildcard certificate on our application servers at this point in time.
3 Replies
- dennypayne
Employee
Hi,
If you are not offloading the SSL at the LTM, then you will not be able to do anything with HTTP traffic contained within the encrypted stream that is passing through.
So you'd need to set up a clientssl profile using your certificate, and if you wanted to re-encrypt before going to the server, then you would also use a serverssl profile (on which the certificate doesn't really matter).
Denny 
wtwagon_99154Thanks,
just to confirm:
I will need to import the certificate from the server on to the LTM, and then create a clientssl profile. The clientssl profile should contain the certificate and the key?- dennypayneThat's correct (the LTM accepts PEM/OpenSSL format certificates). Also if you don't use the serverssl profile the application will begin receiving connections in clear text so you also need to make sure that is acceptable.
Denny
