For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Dayton_Gray_103's avatar
Dayton_Gray_103
Icon for Nimbostratus rankNimbostratus
Jun 07, 2007

SSL unencrypt/reencrypt after looking at header

Here is my situation.     We are looking to send SSL (port 443) traffic to different pools based upon host header. and either un-encrypt or re-encrypt based upon pool used. I have not found any ...
application delivery
dev
devops
iRules
Dayton_Gray_103's avatar
Dayton_Gray_103
Icon for Nimbostratus rankNimbostratus
Oct 03, 2007
hoolio,

I'm still looking at solutions to this. F5 did not give any additional information. I think I am going to open a ticket and see how far that gets me. I need to get the below working with 9.4. I'm not thrilled to have to create new virtual servers to handle this as it will add a great deal of clutter and complexity. Have you made any progress with this?


when HTTP_REQUEST {
   if { [HTTP::header Host] == "xxx.xxxprd1.xxx.com" or [HTTP::header Host] == "xxx1.xxxprd1.int.xxx.com" }
  {
    set reencrypt 0
    HTTP::header remove "X-Forwarded-For"
    HTTP::header insert "ProxyHTTPS" "true"
    pool xxx_xxx
  } else {
    set reencrypt 1
    pool xxx1_xxx
  }
}
when SERVER_CONNECTED {
  if { $reencrypt == 0 }{
    SSL::disable
  }
}