I'm using BIG-IP LTM
I have a VIP on port 4001 taking external connections, this goes to a pool with a client SSL cert.
I am trying to "route" to a different destination based on the source IP address. However, I need to manipulate the uri as well.
I have tried this via an iRule, but looking at the forum people are saying just use the policies section of the F5.
I am a network engineer by trade and I very rarely get this deep into LTM. Please can you assist? I have outputs from what I have tried below.
I have run packet captures and see that the request does forward, but in plain text (iRule output), so I have tried to encrypt it before sending it to the destination, but I don't think I'm doing it right.
pool_RTS_Azure = dev.api.comany.com:443
pool_RTS_4001 is the default pool
pool_RTS is the same as pool_RTS_4001
If you want to re-encrypts traffic on the server side by initiating a new SSL connection between the F5 BIG-IP and the web server add a SSL profile (Server) on your Virtual Server, eg severssl.
Despite this, all configuration seems OK.
This isn't working. With the iRule I can not change the host entry in the URI, it just forwards the request as it is to the pool. However, the policy does seem to work, but I receive an error back from the Azure server, like it's receiving a GET request rather than a POST.
Sorry, I didn't specify that I just looked at the LTM policy part. I'm not a big fan of iRules, i prefer to go through an LTM policy when I have a choice.
for HTTP method issue, it's necessary either to adjust the HTTP methods on the backend server or to modify the sent requests.
Am I right in using the ssl server part? Something doesn't feel right as we don't normally use it on our VIPs.
We're sending the body as a POST request.
It depends on what you want to do with TLS/SSL trafic ?
SSL Offloading (clientssl profile/no serverssl profile on virtual server) terminates SSL at the F5 and the server side traffic is non-encrypted.
SSL Bridging (clientssl profile and serverssl profile on virtual server) terminates SSL at the F5 and then re-encrypts traffic to the server side.