Forum Discussion
Redirect to pool to bypass SSL offloading for Exchange Hybrid setup - syntax issue(s)
This only becomes an issue for SSL Offload not SSL Bridging. We need to tell the F5 to use SSL on the backend between the F5 & cas servers for /ews/mrsproxy.svc. First create a pool that contains all the cas servers on port 443. Next modify the existing exchange https vip to include a server-ssl profile. Finally, modify the combined/pool selector rule as follows:
Code
when HTTP_REQUEST {
SSL::disable serverside
switch -glob -- [string tolower [HTTP::path]] {
"/ews/mrsproxy.svc" {
Exchange Web Services ==> use 443 cas server pool and enable server ssl for o365 mailbox moves.
if { [HTTP::header exists "APM_session"] } {
persist uie [HTTP::header "APM_session"] 7200
} else {
persist source_addr
}
pool /Common/Exch2010_ssl_pool
SSL::enable serverside
COMPRESS::disable
CACHE::disable
return
}
This iRule disables serverside SSL for all http requests, then selectively enables serverside SSL for requests to the URI: "/ews/mrsproxy.svc". It then selects the new ssl/443 pool created earlier.
Note: there will be some outage/impact for new connections between adding the serverside ssl profile & modifying the iRule to disable serverside ssl on all other connections.
- Damien_Solodow_Oct 17, 2016Nimbostratus
Thread necromancy!
Should the block above go in the iRule before or after the existing "/ews*" section?
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com