Forum Discussion

AjayPra_161698's avatar
AjayPra_161698
Icon for Nimbostratus rankNimbostratus
Feb 03, 2015

SSL offloading for https traffic

Scenario:   Nodes:Node1,Node2,Node3   Pool:Node1,Node2   Virtual Server:ABC   VIP 1.1.1.1   Port any   SSL offloading is configured on LTM with clientssl profile attached to the ...
application delivery
availability
design
LTM
TMOS
TMSH
shaggy_121467's avatar
shaggy_121467
Icon for Cumulonimbus rankCumulonimbus
Feb 03, 2015

The following rule will disable SSL processing if the port is not 443. The client-ssl/server-ssl profiles will still be assigned in the virtual server config

when CLIENT_ACCEPTED {
    if { [TCP::local_port clientside] != 443} {
        SSL::disable clientside
        SSL::disable serverside
    }
}
  • AjayPra_161698's avatar
    AjayPra_161698
    Icon for Nimbostratus rankNimbostratus
    Feb 03, 2015
    Thanks a lot shaggy My intension to do ssl off loading is to match the user agent value in http header for which I have irule as following .It seems I have to club the irule which you have provided and the one as below. when HTTP_REQUEST { set uagent [string tolower [HTTP::header User-Agent]] if { $uagent contains "msie6" or $uagent contains "msie7" or $uagent contains "msie8" or $uagent contains "mozilla/4.0"}{ pool pool1 } else { pool pool2 } }
  • shaggy_121467's avatar
    shaggy_121467
    Icon for Cumulonimbus rankCumulonimbus
    Feb 03, 2015
    you should be able to do all of that in one iRule. Add your HTTP_REQUEST event stanza after the CLIENT_ACCEPTED event stanza