Forum Discussion

Nimbostratus

Jul 03, 2012

selective drop of SSL

I have a virtual server that has client and server ssl profiles so that incoming HTTPS is terminated then after processing is re-encrypted to the pool. There is an iRule that inspects the HTTP reques...

Employee

Jul 03, 2012

Depending on how many paths you would like to exclude from encryption, you could use a couple of different methods. The simplest method for a single path:

when CLIENT_ACCEPTED {
  SSL::disable serverside
}

when HTTP_REQUEST { 
  if {!([string tolower [HTTP::path]] starts_with "/standardhttppath") } {
    SSL::enable serverside
    }
}
 Or, if you have many paths that you would like to list in a data group (called 'standard_http_dg' in this example) 
 when CLIENT_ACCEPTED {
  SSL::disable serverside
}

when HTTP_REQUEST {
  if { ![class match [string tolower [HTTP::path]] starts_with standard_http_dg] } {
    SSL::enable serverside
    }
}

Regards,

Eric

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

selective drop of SSL

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

How do I drop traffic on ASM?

Integrating SSL Orchestrator with McAfee Web Gateway-Transparent Proxy

SSL PROXY

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

GTM Selective Persistence

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS