For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

ProxyPass v10/v11

Problem this snippet solves: iRule to replace the functionality of Apache Webserver ProxyPass and ProxyPassReverse functions. Allows you to do hostname and path name modifications as HTTP traffic pa...
Published Mar 18, 2015
Version 1.0
application delivery
devops
iRules
proxy
René_Geile's avatar
René_Geile
Icon for Cirrus rankCirrus
Apr 19, 2016

@John,

 

server SSL profile selection is independent from the rewrite and pool selection. You can create a datagroup named "ProxyPassSSLProfiles" which contains a list of pools and the SSL profile which should be used to access the pool. This datagroup is a single common list valid for all virtual server using ProxyPass iRule. There should be one entry for each HTTPS pool in the list.

 

If your virtual server is using mixed backends (https and http) you need to attach a server ssl profile to the VS because without a profile there is nothing the ProxyPass iRule can switch because server ssl processing is "not loaded/ disabled."

 

If you create a server ssl profile with "Mode = Disabled" and attach it to the virtual server you have a default of "HTTP to the pool" and with entries in the ProxyPassSSLProfiles datagroup you can select different encrypting profiles for HTTPs pools.