For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Dayton_Gray_103's avatar
Dayton_Gray_103
Icon for Nimbostratus rankNimbostratus
Jun 07, 2007

SSL unencrypt/reencrypt after looking at header

Here is my situation.     We are looking to send SSL (port 443) traffic to different pools based upon host header. and either un-encrypt or re-encrypt based upon pool used. I have not found any ...
application delivery
dev
devops
iRules
Dayton_Gray_103's avatar
Dayton_Gray_103
Icon for Nimbostratus rankNimbostratus
Jun 13, 2007
I added some logging into the iRule. According to the logs it looks like it is getting redirected to the proper pool and that the SSL::Disable is triggering:

 

 

Jun 13 12:34:16 tmm tmm[1629]: 01220002:6: Rule FOG_Passthrough_443 : local0."test1"

 

Jun 13 12:34:16 tmm tmm[1629]: 01220002:6: Rule FOG_Passthrough_443 : local0."nossl"

 

 

Any idea why the web server would be getting 501 errors in the logs? Is this because the browser still has https in the url?

 

 

 

when HTTP_REQUEST {

 

set reencrypt 0

 

if { [HTTP::header Host] == "xxxxxxxxxxx" }{

 

{

 

pool xxxxxxxxxxxx

 

log local0."test1"

 

} else {

 

set reencrypt 1

 

pool fog-sec.443

 

log local0."test2"

 

}

 

}

 

when SERVER_CONNECTED {

 

if { $reencrypt == 0 }{

 

SSL::disable

 

log local0."nossl"

 

}

 

}