Security offload for SFTP
What's the latest status about offloading SFTP/SSH? Is this still not possible? I'm looking for an alternative solution to offload some security features for SFTP, because due to SNAT the server only sees the LBs IP-address and therefor can't use this for the blacklist. Disabling SNAT and having the LB as DFGW for the server is not an option. And as SFTP doesn't support and kind of XFF, I was wondering if I can use any nice iRule to check for not allowed usernames or the number of failed login attempts. We also have only LTM module available. Thanks for any ideas or further information! Regards Stefan 🙂
Rewrite URL in header and add URI
Hi, I have this to achieve, and I'm getting a bit lost: So the client hits a VIP on port 443, SSL is offloaded with a CA certificate (abc.com), and traffic is re encrypted and sent to pool member on port 8044, which has a certificate for xyz.com/some_uri. So I need an iRule to: 1) Change URL in header from abc.com to xyz.com 2) Add /some_uri at the end of URL Is that even possible? I mean the iRules should affect the incoming traffic after it's being decrypted, right? If so, how to design those iRules (it's not a redirect, isn't it?) I was thinking of something like this, but I'm not sure this will do the trick: when HTTP_REQUEST { HTTP::header replace Host xyz.com HTTP::uri /some_uri } Also, the client comes with it's own certificate, which than has to be passed to the pool member to authenticate (not on the F5, the authentication has to be made on the real server). Is it enough to check the Proxy SSL checkbox in the profile?
Is stream irule is necessary to fix mixed content issue?
Hi I've perform ssl offload (http vs+redirect irule & https vs+offload) many website and see many which have mixed content issue. Is stream irule is necessary and only way to fix mixed content issue? The thing is when we see mixed content. we will use stream irule and most of the time, It's working fine. But sometimes website will have new issue arise due to stream irule. (when take it out, it working fine. but we still have to click accept content from browser due to mixed content problem) Thank you KerSSL offload on non-standard port
Hi We have application which run on port 8945. Can we perform ssl offload on this port? I try to create virtual server port 8945 with SSL client profile but when user connect (or server return http 30x) with http://app.com:8945 ..... Application is fail due to we have ssl client profile configured. I understand if server use standard port 80, we can config two virtual server (80,443) then perform offload on vs port 443 and redirect on vs port 80. but in this case we can't create two virtual server with the same port 8945. Thank you
SSL Offload causes "warning" on browser
We're using SSL offload but have run into a problem that I can't seem to find the answer for. Our redirect and SSL offload are working. The cert is valid and we have no issues with the session setup. Our problem is that the client browser is posting a warning about non-secure content in the page because the webserver is including code that has http:/// instead of https:. There must be a simple answer to prevent this, but I can't seem to find it. Any help will be very appreciated.
