Using a Server-side HTTP and HTTPS to Different App Server Pools
I have an HTTPS virtual server that does SSL-termination for 150+ applications where the URL is of the form host.name.com/APP1, host.name.com/APP2, etc. The applications are J2EE and the LTM communicates with them using HTTP. The LTM takes the HTTPS request from the client on port 443 and sends it to the correct App server pool using HTTP on port 8080. The routing decision (which app server pool) is made by an iRule that matches APP(X) in the URL and selects the appropriate pool. This works well. Unfortunately, I have one application with a custom extension that needs a certain request to be forwarded as HTTPS (it does string matching on the request URL to verify the validity of the request - the source string is HTTPS and cannot be changed). I tried putting a server-side SSL profile on the virtual server and configuring the pool to use port 443, but as soon as I put the server-side SSL profile on the VS traffic to my non-SSL pools was disrupted - though traffic to my SSL-enabled pool worked great. How can I get the LTM to use HTTP for the majority of my pools, but HTTPS for the one that needs it? I cannot change the hostname of the application or use a custom port (I cannot change the URL the users see). Thanks.
Need to configure specific Cipher "AES256-SHA256" in server SSL profile
Hi, Please if someone can guide me as to how to configure specific cipher "AES256-SHA256" for server SSL profile. The server side certificate is using "AES256-SHA256" so they want it to use this. I am using version 11.4.1. Although the Default Cipher for this version supports if but still we want to force F5 to use this Cipher. Any help would be great.
SSL Profile cipher inheritance
Hi, I have some problem understanding how inheritance of the cipher option is inherited using parent profiles. Consider this example: The SSL Server Profile "sslserver_parent" has cipher suite rc4-md5. I then create a new SSL Server Profile named "sslserver_custom" , with the "sslserver_parent" profile as its parent. What will happen when I override the cipher option on the "sslserver_custom" with i.e. RC4-SHA. Will the result be: RC4-MD5:RC4-SHA, or will it not inherit RC4-MD5, and simply be RC4-SHA ?