For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Mubasher_Sultan's avatar
Mubasher_Sultan
Icon for Nimbostratus rankNimbostratus
May 13, 2013

SSL-Ofloading on Port 8081 !!!

  Hi,   I have a requirement of doing an client ssl offload on the BIG-IP.   Currently, the VIP is 10.10.10.10 and the below is working fine   http://10.10.10.10:8081/sm/index.do   W...
config
design
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
May 13, 2013
You just need a client SSL profile attached to the virtual server. It would appear, since users will just type https://10.10.10.10 into the browser, that the virtual server will be listening on port 443 (the default port for HTTPS). You then just need a pool with your port 8081 members added. Make sure port and address translation are enabled, and you should be good to go. The client SSL profile will terminate the SSL and pass the unencrypted payload to the port 8081 servers.

 

 

As for the URI redirect, you have a few options:

 

 

1. Let the server do it.

 

 

2. physically redirect the user (via 302 message) with an iRule (this will change the address in the browser:

 

when HTTP_REQUEST {

 

if { [HTTP::uri] equals "/" } {

 

HTTP::redirect "/sm/index.do"

 

}

 

}

 

 

3. If you don't want the user to see the URI, silently change it with the HTTP::uri command:

 

when HTTP_REQUEST {

 

if { [HTTP::uri] equals "/" } {

 

HTTP::uri "/sm/index.do"

 

}

 

}