Forum Discussion
AjayPra_161698
Nimbostratus
NimbostratusSSL offloading for https traffic
Scenario:
Nodes:Node1,Node2,Node3
Pool:Node1,Node2
Virtual Server:ABC
VIP 1.1.1.1
Port any
SSL offloading is configured on LTM with clientssl profile attached to the ...
shaggyNimbostratus
Nimbostratusdo you mean combine? should be as simple as:
when CLIENT_ACCEPTED {
if { [TCP::local_port clientside] != 443} {
SSL::disable clientside
SSL::disable serverside
}
}
when HTTP_REQUEST {
set uagent [string tolower [HTTP::header User-Agent]]
if { $uagent contains "msie6" or $uagent contains "msie7" or $uagent contains "msie8" or $uagent contains "mozilla/4.0"}{
pool pool1
} else {
pool pool2
}
}
AjayPra_161698thanks shaggy . so with this irule. For http traffic on VS VIP:Any http traffic will not be affected due to ssl profile .. and pool will be selected based on useragent value. For https traffic . Client Side SSL traffic offloading will be done and pool will be selected based on the http header useragent value ?- shaggythat's how it should work. i didn't test it out, so it may be worth checking in a test environment before putting it into production
- AjayPra_161698Hi Shaggy, I came across Non-SSL Connections setting on client ssl profile.I think with this setting we needn't to disable ssl for non https traffic Accepting non-SSL connections Using the Non-SSL Connections setting, you can configure the BIG-IP system to accept connections that are not SSL connections. In this case, connections pass through the BIG-IP system in clear-text format. By default, this setting is disabled. https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_configuration_guide_10_0_0/ltm_ssl_profiles.html
