For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Naman_65674's avatar
Naman_65674
Icon for Nimbostratus rankNimbostratus
Sep 02, 2008

SSL command on non-SSL VIP

Hello,     I want to create an Irule which will be used by two VIPs, one which uses SSL and the other doesnt. Dont ask why but i want to do something like this:     if { [TCP::lo...
application delivery
dev
devops
iRules
Nicolas_Menant's avatar
Nicolas_Menant
Icon for Employee rankEmployee
Sep 02, 2008
Hi,

The SSL::disable command works when the BIGIP is the SSL termination of the SSL flow.

In your configuration it must not be the case, the SSL flow is established between the client and the server.

This is for example when you process HTTP and HTTPS on the same virtual server:port

then you can do something like this: 

  
   class http_methods {        
      "GET”        
      “POST”        
      “HEAD”         
      “PUT”        
   }         
                  
   when CLIENT_ACCEPTED {        
      TCP::collect 5        
   }         
           
   when CLIENT_DATA {        
      if { [matchclass [TCP::payload] starts_with $::http_methods] } {        
          SSL::disable        
      }        
   }

This way if it's HTTPS you maintain your SSL configuration to make the BIGIP being the SSL termination with your client (ie it will talk in HTTPS) but if it's HTTP you receive then you disable your SSL profile to talk in HTTP only

N.