08-Aug-2021 16:34
Hi
So I am migrating a nginx config over to F5. Some upstream end points are SSL and some are not.
So on my VS profile I have configured ssl (server), so by default all of my pool connections are SSL,
so default pool is ssl, no I add a irule to pull out specific uri and I want to send them to a different pool.
got the irule work and got the pool command working, but how do I tell it to no use ssl for this connection to this pool
Solved! Go to Solution.
09-Aug-2021 00:05
You can use LTM policy or iRule to disable server SSL profile based on matching specific condition e.g. hostname. I would recommend you to use LTM policy for achieving this. While creating the LTM policy, you can match condition for the incoming request like hostname/URL/URI for which you want to disable server SSL and set disable server ssl action for it. After applying this LTM policy on the desired vServer, your requirement should be fulfilled.
Hope it helps!
09-Aug-2021 00:05
You can use LTM policy or iRule to disable server SSL profile based on matching specific condition e.g. hostname. I would recommend you to use LTM policy for achieving this. While creating the LTM policy, you can match condition for the incoming request like hostname/URL/URI for which you want to disable server SSL and set disable server ssl action for it. After applying this LTM policy on the desired vServer, your requirement should be fulfilled.
Hope it helps!
09-Aug-2021 00:16
Okay why ltm over irule
also so setting in policy is only for that request, interesting.
thanks
09-Aug-2021
00:27
- last edited on
24-Mar-2022
01:13
by
li-migration
,
When it comes to comparing LTM policy with iRule, LTM policies are much faster when it comes to executing the traffic conditions.
09-Aug-2021 00:48
Good to know.
So side question currently I have a irule for the http to https. should i be doing that in profile - is there one ?
09-Aug-2021 01:44
Last add on question for this - how do I manage policies in BIG-IQ. i removed the irule for http to https and created the equivalent policy.
I can re import my F5 instance into BIG-IQ -but can't find any place to edit / modify / create policies 😞
28-Aug-2021 01:49
Seem to be having some issue with doing this with websockets. the backend is non ssl . how to capture a websocket connection to turn the backend into non ssl