10-Nov-2022 05:05
Hi all,
I have a condition where I have an application that needs to send API requests,
and if it comes from a certain source IP I need to forward it to another pool.
I can't do a redirect (302) because it's an API; I have to just send the traffic forward, and it needs to be encrypted with SSL.
I tried to make it with an iRule. I think I got the part where I rewrite the traffic, but I can't make it use SSL on the server side only.
iRule:
when HTTP_REQUEST {
    if {[IP::addr [IP::client_addr] equals "10.10.10.10"]} {
        HTTP::header replace Host "xyz"
        pool another_pool-443
        HTTP::uri "abcwq/"
    }
}
10-Nov-2022 05:12 - edited 10-Nov-2022 05:22
You should be able to achieve this with a serverSSL profile on your virtual server.
If only this very specific traffic needs encryption, you could add an "else" statement with the SSL::disable serverside command in addition to the serverSSL profile, something like this:
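when HTTP_REQUEST {
    # Default: no server-side SSL for this request
    set nossl 1
    if {[IP::addr [IP::client_addr] equals "10.10.10.10"]} {
        HTTP::header replace Host "xyz"
        pool another_pool-443
        HTTP::uri "abcwq/"
        # Matching client: keep server-side SSL enabled
        set nossl 0
    }
}
when SERVER_CONNECTED {
    # Tcl needs whitespace between the condition and the body braces
    if {$nossl} { SSL::disable }
}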
10-Nov-2022 05:31
I have configured the server SSL profile "serverssl" on the same VIP that is configured with the iRule and it didn't work.
With Wireshark I still see no SSL.
10-Nov-2022 07:17
What is the full setup?
14-Nov-2022 17:54
Firstly, configure the virtual server and add a server SSL profile; the server SSL profile needs a cert and key.
Give your LTM configuration or a screenshot (can the LTM ping the pool members' IP addresses? If the LTM can ping, enable Automap on the VS to exclude network route problems), list ltm virtual XXX. It is normal for us to test with BIG-IP VE. At the same time, run tcpdump on the back-end server and in the LTM serverside direction to check whether the LTM sends a ClientHello packet on the serverside (when your back-end server performs the HTTPS handshake, does it want to force the ClientHello message to carry the SNI field?). Another point is that the URI in the normal format starts with "/",
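
The serverside check suggested in the last post, as an added example that is not part of the thread: given the first TCP payload bytes the BIG-IP sends to a pool member (for instance pulled from a tcpdump capture), this Python tells you whether it is a TLS ClientHello and whether it carries an SNI name. The function names and the sample payloads are constructed for illustration.

```python
import struct

def build_client_hello(sni=None):
    """Constructed sample data: a minimal TLS 1.2 ClientHello record."""
    ext = b""
    if sni is not None:
        name = sni.encode()
        entry = b"\x00" + struct.pack("!H", len(name)) + name   # host_name entry
        body = struct.pack("!H", len(entry)) + entry            # server_name_list
        ext = struct.pack("!HH", 0, len(body)) + body           # extension type 0
    hello = (b"\x03\x03" + bytes(32) + b"\x00"      # version, random, empty session id
             + b"\x00\x02\x00\x2f" + b"\x01\x00"    # one cipher suite, null compression
             + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def inspect_first_payload(data):
    """Return (is_client_hello, sni_or_None) for the first serverside payload."""
    # TLS handshake record (0x16), version 3.x, handshake type 1 = ClientHello
    if len(data) < 6 or data[0] != 0x16 or data[1] != 0x03 or data[5] != 0x01:
        return (False, None)
    try:
        p = 9 + 2 + 32                                   # headers, version, random
        p += 1 + data[p]                                 # session_id
        p += 2 + int.from_bytes(data[p:p + 2], "big")    # cipher_suites
        p += 1 + data[p]                                 # compression_methods
    except IndexError:
        return (True, None)                              # truncated ClientHello
    if p + 2 > len(data):
        return (True, None)                              # no extensions block
    end = min(p + 2 + int.from_bytes(data[p:p + 2], "big"), len(data))
    p += 2
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", data[p:p + 4])
        if etype == 0:                                   # server_name extension
            nlen = int.from_bytes(data[p + 7:p + 9], "big")
            return (True, data[p + 9:p + 9 + nlen].decode("ascii", "replace"))
        p += 4 + elen
    return (True, None)

if __name__ == "__main__":
    samples = {
        "plaintext HTTP": b"GET / HTTP/1.1\r\nHost: xyz\r\n\r\n",
        "ClientHello without SNI": build_client_hello(),
        "ClientHello with SNI": build_client_hello("xyz"),
    }
    for label, payload in samples.items():
        print(label, "->", inspect_first_payload(payload))
```

A result of `(False, None)` matches what the poster reported from Wireshark: the serverside flow is still cleartext, so the server SSL profile is not being applied to that connection.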