
Have SSL and non-SSL pools (or pool members) for a VS

AlexS_yb
Cirrostratus

Hi

So I am migrating an nginx config over to F5. Some upstream endpoints are SSL and some are not.

So on my VS profile I have configured SSL (server), so by default all of my pool connections are SSL,

so the default pool is SSL. Now I add an iRule to pull out specific URIs and I want to send them to a different pool.

Got the iRule working and got the pool command working, but how do I tell it to not use SSL for this connection to this pool?

1 ACCEPTED SOLUTION

You can use an LTM policy or an iRule to disable the server SSL profile based on matching a specific condition, e.g. hostname. I would recommend using an LTM policy to achieve this. While creating the LTM policy, you can match a condition on the incoming request, like hostname/URL/URI, for which you want to disable server SSL, and set the disable server SSL action for it. After applying this LTM policy on the desired vServer, your requirement should be fulfilled.

Hope it helps!
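The iRule route mentioned in this answer, as an added example that is not part of the original post: it assumes the virtual server keeps its server SSL profile attached, and the pool names (`pool_plain_http`, `pool_tls_backend`) and URI prefixes are hypothetical.

```tcl
when HTTP_REQUEST {
    # Added example. Pool names and paths below are hypothetical.
    # Lower-case the path once so the match is case-insensitive.
    switch -glob -- [string tolower [HTTP::path]] {
        "/legacy/*" -
        "/status" {
            # Only these paths go to the cleartext backend. Keep this
            # list as narrow as possible: traffic to this pool leaves
            # the BIG-IP unencrypted.
            SSL::disable serverside
            pool pool_plain_http
        }
        default {
            # Everything else keeps server-side SSL. Enable it explicitly
            # so a request that follows a cleartext one on the same client
            # connection does not inherit the disabled state.
            SSL::enable serverside
            pool pool_tls_backend
        }
    }
}
```

Defaulting to the SSL pool and listing the cleartext paths explicitly means a new or mistyped URI fails toward encryption rather than away from it.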


6 REPLIES

Okay, why LTM over iRule?

Also, so the setting in the policy is only for that request, interesting.

Thanks

When it comes to comparing LTM policy with iRule, LTM policies are much faster when it comes to executing the traffic conditions.

Good to know.

So side question: currently I have an iRule for the HTTP to HTTPS. Should I be doing that in a profile - is there one?

AlexS_yb
Cirrostratus

Last add-on question for this - how do I manage policies in BIG-IQ? I removed the iRule for HTTP to HTTPS and created the equivalent policy.

I can re-import my F5 instance into BIG-IQ - but can't find any place to edit / modify / create policies 😞

AlexS_yb
Cirrostratus

Seem to be having some issue with doing this with websockets. The backend is non-SSL. How to capture a websocket connection to turn the backend into non-SSL?