Forum Discussion
jay_britton_414
Nimbostratus
Oct 16, 2013
Selective SSL offload based on URL
Hi All,
I have an Internet-facing VIP on port 443 offering SSL offload for a number of URLs. It's since been discovered that one of these applications does not support SSL offload and it must do...
Kevin_Stewart
Employee
Oct 16, 2013
Actually no, sort of. HTTP host and URI values are not visible until after SSL decryption. That said, if you're strictly talking about URI paths, then it's a hard NO. But if you're talking about host names, you could conceivably do this for TLS-based clients (clients that support the TLS protocol, which is usually anything greater than WinXP). Using an iRule to sniff the server_name extension field in a CLIENTHELLO message, you could persist to a pool and disable client side SSL offload.