Forum Discussion

Ty__Trabosh_946's avatar
Ty__Trabosh_946
Icon for Nimbostratus rankNimbostratus
May 03, 2006

Selective SSL Re-Encryption based on URI

I've been given the task to try and write an Irule for a 4.5.9 system. Currenlty the SSL session is off loaded to the BIGIP then based clear text to the backend servers. What we would like to do is if the URI contains a srting I want to be able to Re-Encrypt before sending the connection to the servers. The backend servers happen to be the same for both the clear and encrypted traffic just different ports (Standard 80 and 443).

 

 

I've written this Irule before with version 9 and the SSL::disable using a variable $usessl == 0 or 1. However things in the 4.5.x world are a little different.

 

 

 

Example

 

 

https://v.server.com/app1/ --> Offload SSL Decrypt --> URI inspection --> port 80 backend server.

 

https://v.server.com/credit/ --> Offload SSL Decrypt --> URI inspection --> SSL Encrypt --> port 443 backend server.

 

 

 

Any pointers or tips would be of great assistance.

 

 

Thanks.
application delivery
dev
devops
iRules
v4
  • Deb_Allen_18's avatar
    Deb_Allen_18
    Historic F5 Account
    May 09, 2006
    Hi Ty --

     

     

    Just to close the loop after our conversation yesterday, selective re-encryption is not possible on v4.x.

     

     

    /deb
  • Deb_Allen_18's avatar
    Deb_Allen_18
    Historic F5 Account
    May 15, 2006
    Oops!

     

    I just discovered this fuctionality was added in the feature release branch, 4.6.

     

     

    The 2nd chaper of this doc ("SSL Proxy Selective Re-encryption") has the details: Click here

     

     

    /deb