Forum Discussion
CirrostratusWhen HTTP URL hitting the Virtual server with client SSL profile on port no 500, Will it accept the traffic?
Hi ,
any one guide what exactly happens here, it is not working, but i need to know is it possiable to make it work for both HTTP and HTTPs for VIP with client SSL profile
URL:
https://testdomain:500/home.asp
A virtual server is an IP:port listener so it's perfectly possible to make it accept traffic in whatever port you want. If you configure your virtual server as IP:500, it will accept traffic. However, if you add a Client SSL profile to it, then BIG-IP expects to receive a Client Hello after TCP 3-way handshake completes. If it doesn't, BIG-IP rejects the connection. The only exception to this is if you explicitly enable allow-non-ssl setting on Client SSL profile. Then, it should allow any other kind of traffic go through. Hope it helps.
Rodrigo
IRONMANThanks, But i Want to know if it on port 8080, what happens when traffic coming from HTTP , not using HTTPS? VIP applied with Client SSL profile!
Rodrigo_AlbuqueCirrocumulus
A virtual server is an IP:port listener so it's perfectly possible to make it accept traffic in whatever port you want. If you configure your virtual server as IP:500, it will accept traffic. However, if you add a Client SSL profile to it, then BIG-IP expects to receive a Client Hello after TCP 3-way handshake completes. If it doesn't, BIG-IP rejects the connection. The only exception to this is if you explicitly enable allow-non-ssl setting on Client SSL profile. Then, it should allow any other kind of traffic go through. Hope it helps.
Rodrigo
- IRONMAN
Thanks, So i can allow the non ssl traffic.