Forum Discussion

cdmoss_14183's avatar
Icon for Nimbostratus rankNimbostratus
Jun 14, 2011

Transparent SSL Proxy


Hello all


I have a scenario that may be better suited for a proxy-IE bluecoat. I wanted to see if F5 can do this before I purchase an additional device .


I would like to be able to terminate SSL, insert a URL , and then re encrypt the traffic to the destination.


Source and dest IP remain intact, so the F5 to act transparently as an SSL proxy . So detail is as follows:



Client 1 : Client 2 : Server : X.X.X.X:443



Client 1-->https X.X.X.X :9000 -->F5


SSL hand shake to client


Insert URL /9000.html


Establish SSL:443 to server X.X.X.X


Client 2-->https X.X.X.X :9001


SSL hand shake to client


Insert URL URL /9001.html


Establish SSL:443 to server X.X.X.X



Is this possible?



1 Reply

  • So you want to rewrite all URI's before the request is proxied to a static URI? It can be done using HTTP::uri. You can use an iRule like this to do it:

    when HTTP_REQUEST {
       HTTP::uri "/[TCP::local_port].html"

    You'll need a client SSL profile to decrypt the traffic. In order to avoid a cert mismatch warning on the client you'd need a cert/key that matches the hostname the client is making a request to.

    And I'm still not sure how this will work for the client to get content back if every request URI is written to the same URI. But anyhow, this is technically possible.