Forum Discussion

Altostratus

Nov 20, 2017

URI Rule in Rewrite profile disable Server SSL profile?

Hi, Setup: TMOS 12.1.2HF1 VS listening on port 80 Server SSL profile attached Rewrite profile settings: Rewrite Mode: URI Translation Parent Profile: rewrite Request Settings: Rewr...

Cirrostratus

Nov 22, 2017

Hi,

Will try to go via Support.

I am not sure about your last advice:

troubleshoot yourself how it is working (multiple rewrite rules depending on the URI and capture server side traffic to see if the F5 send the CLIENT_HELLO packet)

I already checked that when http is set in Server URI then BIG-IP is not sending any CLIENT_HELLO packets but still sending to port 443.

Immediately after changing http to https Server SSL profile starts to work - normal SSL Handshake performed and traffic encrypted.

What is strange that seems to be not a case if Local Traffic Policy is used to switch between Pools with selective disabling Server SSL.

Will have to test but I pretty sure that even if there is URI Rule http <-> http but selected pool member is using Server SSL it is not disabled - encryption works.

Piotr

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

URI Rule in Rewrite profile disable Server SSL profile?

Recent Discussions

Background Tasks

Which process is consuming higher CPU

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Client SSL Profile set to Require Client Certificate breaks RDP in APM

Related Content

DoS Profiles

Rewrite Profile JSON error

Client SSL Profile

Activate serverssl profile in iRule

HTTP Profile

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS