Forum Discussion

T_Rajneesh's avatar
T_Rajneesh
Icon for Nimbostratus rankNimbostratus
Jun 19, 2019

SSL issue "Server throwing SSL exceptions"

Hi, We have a setup where a request comes from Imperva to F5 will come as https but when sending request downstream to pool F5-> WCS, we are getting error. Possible the request needs to be modified...
application delivery
iRules
LTM
  • Dario_Garrido's avatar
    Dario_Garrido
    Jun 21, 2019

    Perfect!

     

    Please, don't forget to score my answer (or marking as "the best") if it was helpful for you ;-)

T_Rajneesh's avatar
T_Rajneesh
Icon for Nimbostratus rankNimbostratus
Hi Dario, We have VIP with both Client & Server SSL ​ offloading but here we have an I rule attached to this VIP, stating to send the request to other pool not associated to this VIP whose node/ server listening in port 3737 ​ example VIP Test..443 Pool abc​. Server 1 -443​ Server 2-443 ​ But irule attached in this VIP to sent traffic to Pool xyx Server 3-3737​
Dario_Garrido's avatar
Dario_Garrido
Icon for MVP rankMVP
Jun 20, 2019

You can have a VS with both SSL profiles (client & server) and desactivate one of them using an iRule (or even better a policy).

One example:

>> VS

ltm virtual VS-TEST_443 {
    destination 10.1.1.1:https
    ip-protocol tcp
    mask 255.255.255.255
    pool P-ABC_443
    profiles {
        clientssl {
            context clientside
        }
        http { }
        serverssl {
            context serverside
        }
        tcp { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port enabled
}

>> RULE

when HTTP_REQUEST {
    if { [HTTP::host] equals "url.com"}{
        SSL::disable serverside
        pool P-XYZ_3737
    }
}

IMPORTANT: the communication to the backend P-XYZ_3737 should have to be using HTTP (not HTTPS), to avoid errors.

KR,

Dario.