Forum Discussion
Andrei_Bankousk
Nimbostratus
NimbostratusUsing BIP/iRule as SSL accelerator for non-web application
I would like to explore the possibility of using power of iRule and SSL acceleration to secure a non-web enabled application. Currenly the application consists of a client that connects directly to a ...
You probably don't want to use the HTTP profile as it will not be possible to completely remove the HTTP request headers (their necessary for HTTP to operate).
Unfortunately, that doesn't leave you with a lot of options. We've been working to solve this problem in the upcoming 9.4 release. In the meantime, here are your options:
A) Use the STREAM profile to wildcard match and trigger the STREAM_MATCHED event. You can then use the STREAM::match and STREAM::replace commands to simulate the TCP::payload command. You could then also use the STREAM::disable command to turn off the matching once you have found what you are looking for and connected to the back-end server. Alternatively, you could use the STREAM::expression command to change the search expression to whatever defines the end of the current request, so that you can break the connection and process the next request to another server.
B) Create a loopback vlan and a second virtual. Then decrypt on the first virtual and do the TCP payload inspection/manipulation on the second virtual.
In 9.4 we've added a "virtual
I would give option A) a try first as this should do what you need. You'll just need to be a little cunning about it. I'd love to see what you come up with...
