I'm using BIG-IP LTM
I have a VIP on port 4001 taking external connections, this goes to a pool with a client SSL cert.
I am trying to "route" to a different destination based on the source IP address. However, I need to manipulate the uri as well.
I have tried this via an iRule, but looking at the forum people are saying just use the policies section of the F5.
I am a network engineer by trade and I very rarely get this deep into LTM. Please can you assist? I have outputs from what I have tried below.
I have run packet captures and see that the request does forward, but in plain text (iRule output), so I have tried to encrypt it before sending it to the destination, but I don't think I'm doing it right.
pool_RTS_Azure = dev.api.comany.com:443
pool_RTS_4001 is the default pool
pool_RTS is the same as pool_RTS_4001
If you want to re-encrypts traffic on the server side by initiating a new SSL connection between the F5 BIG-IP and the web server add a SSL profile (Server) on your Virtual Server, eg severssl.
Despite this, all configuration seems OK.
This isn't working. With the iRule I can not change the host entry in the URI, it just forwards the request as it is to the pool. However, the policy does seem to work, but I receive an error back from the Azure server, like it's receiving a GET request rather than a POST.
Sorry, I didn't specify that I just looked at the LTM policy part. I'm not a big fan of iRules, i prefer to go through an LTM policy when I have a choice.
for HTTP method issue, it's necessary either to adjust the HTTP methods on the backend server or to modify the sent requests.
It depends on what you want to do with TLS/SSL trafic ?
SSL Offloading (clientssl profile/no serverssl profile on virtual server) terminates SSL at the F5 and the server side traffic is non-encrypted.
SSL Bridging (clientssl profile and serverssl profile on virtual server) terminates SSL at the F5 and then re-encrypts traffic to the server side.