For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Florin_Andrei_2's avatar
Florin_Andrei_2
Icon for Nimbostratus rankNimbostratus
Mar 14, 2013

SSL-pass-through and redirect to different pool based on URL

Pair of HA LTMs in front of a webserver cluster. We have 2 virtual servers, one on port 80, the other on port 443. The one on 443 intercepts SSL connections. All connections going to these virtual se...
application delivery
dev
devops
iRules
nitass's avatar
nitass
Icon for Employee rankEmployee
Mar 15, 2013
3. Then all such connections are passed to a different pool (same physical servers, different port - let's say tcp/4433), instead of the tcp/9000 pool for all URL requests not beginning with /login/you can use "pool" command to send traffic to another pool.

 

 

pool wiki

 

https://devcentral.f5.com/wiki/irules.pool.ashx

 

 

4. And the SSL connection is made pass-through to the tcp/4433 pool, the physical servers will handle the SSL certificate and whatnot for these connections.is re-encryption traffic on server-side acceptable (since client-side traffic has to be decrypted by bigip to see url)? if so, you can use SSL::disable/enable command to control.

 

 

SSL wiki

 

https://devcentral.f5.com/wiki/iRules.ssl.ashx