For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

steve_011's avatar
steve_011
Icon for Nimbostratus rankNimbostratus
Dec 06, 2016

Terminate SSL and open TCP socket connection inside

I need to answer a socket tunnel request in the form of ssl://servername, terminate the SSL at the F5 and open a connection to the inside server on an arbitrary port over an unencrypted connection. T...
application delivery
devops
iRules
Kevin_Davies_40's avatar
Kevin_Davies_40
Icon for Nacreous rankNacreous
Dec 06, 2016

The answer to this question is simple. You can't do it.

 

If you have a virtual server with a HTTP profile attached and you receive traffic that is not HTTP the F5 will block the traffic. Nothing will be processed through the virtual server.

 

The nature of virtual servers is they are a one protocol shop. You cannot process more than one type of traffic per virtual. You can strip it down to layer 4 and decode packets and route based on that information but then you lose all your layer 7 HTTP processing you are doing now. You lose access to all the HTTP commands and associated events.

 

In theory you are able handle more than one protocol above layer 4 but in practice its difficult to do as you have to manually decode the traffic yourself to do it.