Forum Discussion
Toby_80039
Nimbostratus
Apr 12, 2007
Tunnelled HTTPS
Hi,
We are using a BIG-IP 3200 to load balance traffic. The traffic is load balanced towards a proxy server.
  traffic in        traffic out - pool2 (external)
      |                  |
*-----------------------------*
|            bigip            |
*-----------------------------*
               |
          proxy pool
Normal traffic comes in on the traffic in interface and is load balanced to the proxy pool. The proxy pool fetches the content through the traffic out.
This works perfectly as long as we do not use an HTTP profile for the connection.
The problem is that some of the traffic is tunnelled HTTPS traffic. The tunnelled HTTPS traffic is not working with the HTTP profile active.
We need to use the HTTP profile in order to have the current iRule active.
when HTTP_REQUEST {
    if { [HTTP::uri] contains "url1" } {
        snatpool public_SNAT_POOL
        pool pool2
    }
}
Does anyone have an idea on what is wrong?
All help is appreciated!
Thanks!
2 Replies
- AaronJB
Ret. Employee
I presume you are tunnelling the HTTPS using the HTTP "CONNECT" method?
If so, the HTTP state parser doesn't support that - once the connection becomes HTTPS it will be unable to parse the traffic flow and will give up, in a somewhat inelegant manner.
What you'll need to do is selectively disable the HTTP parser once you see a "CONNECT" method in the stream, and leave it disabled for the remainder of that TCP connection.
You'll want to look into the HTTP::disable and HTTP::detach commands from memory - let me know if nothing comes up searching here and I'll dig out an example I have from a while ago.
--
Aaron
- Toby_80039
Nimbostratus
Thanks! I appreciate the quick response!
Yes, we are using the CONNECT method, and your suggestion works! :D
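
The approach AaronJB describes, written out as an iRule. This is an added example, not code posted by anyone in the thread; it assumes the question's own names (url1, public_SNAT_POOL, pool2) and uses the standard iRule commands HTTP::method and HTTP::disable.

```tcl
# Added example, not from the thread.
# url1, public_SNAT_POOL and pool2 are the names used in the question's iRule.
when HTTP_REQUEST {
    if { [HTTP::method] eq "CONNECT" } {
        # The client is asking the proxy to open a tunnel. Everything after
        # the proxy's reply is TLS, which the HTTP profile cannot parse, so
        # switch the HTTP filter to passthrough for the rest of this
        # TCP connection.
        HTTP::disable
    } elseif { [HTTP::uri] contains "url1" } {
        # Plain HTTP request: keep the original URI-based selection.
        snatpool public_SNAT_POOL
        pool pool2
    }
}
```

Once HTTP::disable has run, no further HTTP events fire on that connection, so the URI match only ever applies to plain HTTP requests. Requests inside the tunnel are encrypted and follow whatever pool was selected when the CONNECT arrived, here the virtual server's default pool.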