Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

have ssl and non ssl pools (or pool members) for a VS

Go to solution
AlexS_yb
Cirrocumulus
Cirrocumulus

‎08-Aug-2021 16:34

Hi

 

So I am migrating a nginx config over to F5. Some upstream end points are SSL and some are not.

 

So on my VS profile I have configured ssl (server), so by default all of my pool connections are SSL,

so default pool is ssl, no I add a irule to pull out specific uri and I want to send them to a different pool.

 

got the irule work and got the pool command working, but how do I tell it to no use ssl for this connection to this pool

 

 

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Mayur_Sutare
MVP
MVP

‎09-Aug-2021 00:05

You can use LTM policy or iRule to disable server SSL profile based on matching specific condition e.g. hostname. I would recommend you to use LTM policy for achieving this. While creating the LTM policy, you can match condition for the incoming request like hostname/URL/URI for which you want to disable server SSL and set disable server ssl action for it. After applying this LTM policy on the desired vServer, your requirement should be fulfilled.

 

Hope it helps!

View solution in original post

0 Kudos
6 REPLIES 6

Go to solution
Mayur_Sutare
MVP
MVP

‎09-Aug-2021 00:05

You can use LTM policy or iRule to disable server SSL profile based on matching specific condition e.g. hostname. I would recommend you to use LTM policy for achieving this. While creating the LTM policy, you can match condition for the incoming request like hostname/URL/URI for which you want to disable server SSL and set disable server ssl action for it. After applying this LTM policy on the desired vServer, your requirement should be fulfilled.

 

Hope it helps!

0 Kudos

Go to solution
AlexS_yb
Cirrocumulus
Cirrocumulus
In response to Mayur_Sutare

‎09-Aug-2021 00:16

Okay why ltm over irule

 

also so setting in policy is only for that request, interesting.

thanks

0 Kudos

Go to solution
Mayur_Sutare
MVP
MVP

‎09-Aug-2021 00:27 - last edited on ‎24-Mar-2022 01:13 by Fog

 ,

 

When it comes to comparing LTM policy with iRule, LTM policies are much faster when it comes to executing the traffic conditions.

0 Kudos

Go to solution
AlexS_yb
Cirrocumulus
Cirrocumulus
In response to Mayur_Sutare

‎09-Aug-2021 00:48

Good to know.

 

So side question currently I have a irule for the http to https. should i be doing that in profile - is there one ?

0 Kudos

Go to solution
AlexS_yb
Cirrocumulus
Cirrocumulus

‎09-Aug-2021 01:44

Last add on question for this - how do I manage policies in BIG-IQ. i removed the irule for http to https and created the equivalent policy.

 

I can re import my F5 instance into BIG-IQ -but can't find any place to edit / modify / create policies 😞

 

0 Kudos

Go to solution
AlexS_yb
Cirrocumulus
Cirrocumulus

‎28-Aug-2021 01:49

Seem to be having some issue with doing this with websockets. the backend is non ssl . how to capture a websocket connection to turn the backend into non ssl

0 Kudos
Copyright © 2023 Khoros, LLC