Forum Discussion
cdmoss_14183
Nimbostratus
NimbostratusTransparent SSL Proxy
Hello all
I have a scenario that may be better suited for a proxy-IE
bluecoat. I wanted to see if F5 can do this before I purchase an additional
device .
I would like to be able to
terminate SSL, insert a URL , and then re
encrypt the traffic to the destination.
Source
and dest IP remain intact, so the F5 to
act transparently as an SSL
proxy
.So detail is as follows:
Client 1 : 1.1.1.1
Client 2 : 1.1.1.2
Server
:
X.X.X.X:443
Client 1-->https X.X.X.X :9000 -->F5
SSL hand shake
to client
Insert
URL /9000.html
Establish SSL:443
to server X.X.X.X
Client 2-->https X.X.X.X :9001
SSL hand shake
to client
Insert URL
URL /9001.html
Establish SSL:443
to server X.X.X.X
Is this
possible?
hooleylistCirrostratus
So you want to rewrite all URI's before the request is proxied to a static URI? It can be done using HTTP::uri. You can use an iRule like this to do it:when HTTP_REQUEST { HTTP::uri "/[TCP::local_port].html" }
You'll need a client SSL profile to decrypt the traffic. In order to avoid a cert mismatch warning on the client you'd need a cert/key that matches the hostname the client is making a request to.
And I'm still not sure how this will work for the client to get content back if every request URI is written to the same URI. But anyhow, this is technically possible.
Aaron