Forum Discussion
eszer_28053
Apr 26, 2012Nimbostratus
Throttle https virtual server requests, with non terminated ssl connections
This is what I'd like to implement:
---- https request ---- \ F5 ----- https request --- \ Web server
---- client certificate - / irule https Throttle ---- client certificate - /
I'm trying to use http throttle v10 and above: https://devcentral.f5.com/wiki/iRules.HTTP-Request-Throttle-version-10-1-and-above.ashx
Without ssl-termination, https virtual server doesn't work when applying an http profile.
This is the http-profile I'm using:
ltm profile http /Partition1/profile_HTTP {
app-service none
defaults-from /Common/http
}
Is it possible to throttle https request through irule https with non f5 ssl termination?
Is it possible to configure a http profile for a https virtual server?
- John_Matlock_42NimbostratusEszer,
- eszer_28053Nimbostratus
- John_Matlock_42NimbostratusThanks John, but we already tried terminating ssl connections in f5 and re-encrypt traffic, performance rate is unacceptable.
- eszer_28053Nimbostratusthanks anyway, we'll have to make big changes on application layer
- Chris_MillerAltostratusPosted By eszer on 04/27/2012 01:55 AM
- George_Watkins_Historic F5 AccountDouble check your key sizes and make sure that you're not using 4096-bit keys. Only 512, 1024, and 2048-bit are handled by the Cavium chip. 4096-bit keys are selectable from the Web UI, but will not be offloaded and will instead be handled by the x86 processor. This can cause performance degradation under load. This article indicates that keys larger than 4096-bit will use software encryption : SOL10580: Change in Behavior: Maximum supported key size for BIG-IP Client SSL and Server SSL profiles.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects