cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

When HTTP URL hitting the Virtual server with client SSL profile on port no 500, Will it accept the traffic?

IRONMAN
Cirrostratus
Cirrostratus

Hi ,

 

any one guide what exactly happens here, it is not working, but i need to know is it possiable to make it work for both HTTP and HTTPs for VIP with client SSL profile

 

URL:

 

https://testdomain:500/home.asp

 

 

1 ACCEPTED SOLUTION

A virtual server is an IP:port listener so it's perfectly possible to make it accept traffic in whatever port you want. If you configure your virtual server as IP:500, it will accept traffic. However, if you add a Client SSL profile to it, then BIG-IP expects to receive a Client Hello after TCP 3-way handshake completes. If it doesn't, BIG-IP rejects the connection. The only exception to this is if you explicitly enable allow-non-ssl setting on Client SSL profile. Then, it should allow any other kind of traffic go through. Hope it helps.

Rodrigo

 

View solution in original post

3 REPLIES 3

IRONMAN
Cirrostratus
Cirrostratus

Thanks, But i Want to know if it on port 8080, what happens when traffic coming from HTTP , not using HTTPS? VIP applied with Client SSL profile!

A virtual server is an IP:port listener so it's perfectly possible to make it accept traffic in whatever port you want. If you configure your virtual server as IP:500, it will accept traffic. However, if you add a Client SSL profile to it, then BIG-IP expects to receive a Client Hello after TCP 3-way handshake completes. If it doesn't, BIG-IP rejects the connection. The only exception to this is if you explicitly enable allow-non-ssl setting on Client SSL profile. Then, it should allow any other kind of traffic go through. Hope it helps.

Rodrigo

 

Thanks, So i can allow the non ssl traffic.