For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Mahendra_Satras's avatar
Mahendra_Satras
Icon for Nimbostratus rankNimbostratus
Nov 17, 2006

re-routing requests

Current set up in F5 -

 

 

Virtual Server list -

 

name:httpInternet,default pool-dpool,port-80

 

name : httpsInternet, default pool - dpool, port - 443

 

name :ws, default pool - wspool , port - 80

 

 

I apply an IRule on 'httpInternet' for re-routing requests to a different pool (wspool) if a certain condition is met.

 

 

when HTTP_REQUEST {

 

if { [HTTP::uri] starts_with "/blah" } {

 

pool wspool

 

}

 

}

 

 

The above works great.

 

 

But if I apply the same rule on 'httpsInternet', the requests are not re-routed.

 

I change the IRule that is applied to 'httpsInternet' to -

 

 

when HTTP_REQUEST {

 

if { [HTTP::uri] starts_with "/blah" } {

 

HTTP::redirect http://[HTTP::host] [HTTP::uri]

 

}

 

}

 

 

and it would work but the SSL session with client is not maintained any more.

 

 

Is there a way where I can maintain a SSL session and have this working?

 

 

Thanks in advance.
application delivery
dev
devops
iRules

1 Reply

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Nov 17, 2006
    Hi,

     

     

    If you want the BIG-IP to be able to inspect or respond to HTTP, you need to decrypt the HTTPS traffic with a client SSL profile. If you need to use SSL between the BIG-IP and the nodes, you can use a server SSL profile in addition to the client SSL profile.

     

     

    You can't pass the SSL through the BIG-IP and add a rule which inspects or modifies the HTTP content though.

     

     

    Aaron