For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jeremy__DeVoll_'s avatar
Jeremy__DeVoll_
Icon for Nimbostratus rankNimbostratus
Aug 17, 2006

SSL and partial page encryption

encryption/decryption occur on the F5; however our Dev team has two requirements for encryption:     I. Full page encryption.   II. Partial page encryption (specific form fields).   ...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Aug 18, 2006
Hi,

 

 

Yes, I think this is possible. You would want to configure a client SSL profile with the SSL certificate and attach that to an HTTPS VIP. You would also create an HTTP VIP to handle the HTTP requests.

 

 

You could then use a stream profile (most efficient) or write a rule that would replace text within the HTML in the HTTP response of the server to force the client to make requests for HTTPS for some of the content. Depending on what content you want to rewrite you may need to attach a stream profile to rewrite the content to both the HTTP and the HTTPS VIPs.

 

 

For details on the stream profile, check this post and the ones it links to:

 

Click here

 

 

And keep Deb's tip in mind:

 

 

Don't forget that if you use the stream profile with different length source and target values, and your servers are sending data unchunked, you'll need to enable re-chunking on the HTTP profile, otherwise the Content-Length header will still contain the original (now incorrect) content length value (headers are sent before the stream replacement is performed)

 

 

 

Aaron