Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

HTTP and HTTPS on a single virtual server

Problem this snippet solves: iRule to support a virtual server on port 0, a client SSL profile, and an HTTP pool. The goal is to replace two separate HTTP and HTTPS virtual servers with a single v...
Published Mar 18, 2015
Version 1.0
devops
irules
security
oguzy's avatar
oguzy
Icon for Cirrostratus rankCirrostratus
Feb 06, 2018

Hi Aaron,

 

We put a proxy server behind a virtual server to able to access some external publication (online libraries etc.) from the external network. Also, we use apm ad authentication, sso, local db etc. Proxy server works in two ways such as subdomain or port based. We did not want to buy a subdomain ssl wildcard certificate and chose port based solution.

 

We created a virtual server which listens all port, both client and server ssl profiles are selected. Moreover, we created lots of virtual server which listens to specific ports such as 2073, 2141 etc. In that virtual servers, client and server profiles are not selected. Everything works fine with that kind of configuration. However, sometimes additional port requirement emerges and we have to create additional virtual servers. We do not want to create additional virtual servers and want to handle this issue using irules (ssl disable) and data groups.

 

  • Client Ssl profile: the certificate (also installed in the pyhsical server)
  • Server Ssl profile: serverssl-insecure-compatible

Thanks to your guidance I tried to resolve the issue, however it does not work again. The server ssl profile may be lead to this problem.

 

Do you have any idea?

 

Thanks.

 

Edit: Hi again. I figure out the issue. The serverside ssl disable should be done within the SERVER_CONNECTED event. Have a nice day!