Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

steve_011's avatar
steve_011
Icon for Nimbostratus rankNimbostratus
9 years ago

Terminate SSL and open TCP socket connection inside

I need to answer a socket tunnel request in the form of ssl://servername, terminate the SSL at the F5 and open a connection to the inside server on an arbitrary port over an unencrypted connection. T...
application delivery
devops
irules
Kevin_Davies_40's avatar
Kevin_Davies_40
Icon for Nacreous rankNacreous
9 years ago

The answer to this question is simple. You can't do it.

 

If you have a virtual server with a HTTP profile attached and you receive traffic that is not HTTP the F5 will block the traffic. Nothing will be processed through the virtual server.

 

The nature of virtual servers is they are a one protocol shop. You cannot process more than one type of traffic per virtual. You can strip it down to layer 4 and decode packets and route based on that information but then you lose all your layer 7 HTTP processing you are doing now. You lose access to all the HTTP commands and associated events.

 

In theory you are able handle more than one protocol above layer 4 but in practice its difficult to do as you have to manually decode the traffic yourself to do it.