Forum Discussion

Nimbostratus

Feb 03, 2015

SSL offloading for https traffic

Scenario: Nodes:Node1,Node2,Node3 Pool:Node1,Node2 Virtual Server:ABC VIP 1.1.1.1 Port any SSL offloading is configured on LTM with clientssl profile attached to the ...

Cumulonimbus

Feb 03, 2015

do you mean combine? should be as simple as:

when CLIENT_ACCEPTED {
    if { [TCP::local_port clientside] != 443} {
        SSL::disable clientside
        SSL::disable serverside
    }
}
when HTTP_REQUEST {
    set uagent [string tolower [HTTP::header User-Agent]]
    if { $uagent contains "msie6" or $uagent contains "msie7" or $uagent contains "msie8" or $uagent contains "mozilla/4.0"}{
        pool pool1
    } else {
        pool pool2
    }
}

AjayPra_161698
Nimbostratus
Feb 03, 2015
thanks shaggy . so with this irule. For http traffic on VS VIP:Any http traffic will not be affected due to ssl profile .. and pool will be selected based on useragent value. For https traffic . Client Side SSL traffic offloading will be done and pool will be selected based on the http header useragent value ?
shaggy_121467
Cumulonimbus
Feb 03, 2015
that's how it should work. i didn't test it out, so it may be worth checking in a test environment before putting it into production
AjayPra_161698
Nimbostratus
Feb 04, 2015
Hi Shaggy, I came across Non-SSL Connections setting on client ssl profile.I think with this setting we needn't to disable ssl for non https traffic Accepting non-SSL connections Using the Non-SSL Connections setting, you can configure the BIG-IP system to accept connections that are not SSL connections. In this case, connections pass through the BIG-IP system in clear-text format. By default, this setting is disabled. https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_configuration_guide_10_0_0/ltm_ssl_profiles.html