ssl forward proxy
5 Topics

URL redirect/rewrite to external site/header change with internal CA.
Hello everyone! I will start by saying I have scoured this site and found a few instances of what might resemble my issue. I have tried to use different posted solutions, but I am still stuck. I will post down below my needs with examples.

1. I have an external url I am going to be forwarding traffic to and let's call it www.wallyworld.com. I have an internal site which we will call www.internalworld.com that I need to write the external header to with a specific url after and let's call it /brand/.
2. After step one is accomplished, then I will need a link on the external url to be added after the added /brand/.
3. I still need to use my internal certificate successfully.

Can this be accomplished? Examples down below!

1. redirect from internal site to external site transparently (maintaining internal url) - www.internalworld.com/brand/ redirected to but maintaining internal url -> www.wallyworld.com
2. added link - www.internalworld.com/brand -> add any link that is selected on the external site. Example would be if they selected a link named dining. -> www.internalworld.com/brand/dining/
3. certificate - still use my internal certificate successfully after the header change.

1.4K Views, 0 likes, 10 Comments

Forward explicit SSL proxy server
Dear all,

Trying to figure out why HTTPS traffic is not passing the forward proxy. I followed the following article, configured the HTTP and SSL profiles and the two virtual servers accepting HTTP and HTTPS traffic. The only thing that we don't use is the APM part.

Result is that when using the explicit IP address configured in HTTP virtual server and the local browser client is that it works just fine when accessing HTTP websites. When I try to access a website with HTTPS using the explicit IP address configured in my browser I can see an HTTP CONNECT and the virtual server replies with service unavailable HTTP 503. This happens with all HTTPS sites. If I change the proxy setting in the browser the HTTPS (port 443) to request is simply being reset.

https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-secure-web-gateway-implementations-12-0-0/7.html

Does anyone have experience in deploying Big IP LTM as an explicit forward proxy using HTTP and clientSSL profiles only without the use of iRules?

1.6K Views, 0 likes, 20 Comments

SSL Forward Proxy Question
Hello all

We have a requirement to allow some servers in a DMZ to talk to a service on the internet. I was looking into the SSL Forward Proxy feature on the LTMs as this appears to provide the service we need. F5's documentation on this is rather weak and rushed. I am following this guide: https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-ssl-administration-11-6-0/13.html

Some (basic) questions I had on this:

When I create a pool, presumably the pool members are the server IPs on the internet?
The certificate I use on the Client SSL Profile (Certificate B in the link above) - does this certificate need to be signed by our internal CA, and if so, do we need to use a particular certificate template, e.g. Subordinate Certification Authority?
In the Client SSL Profile, do we only (at minimum) need to configure the SSL Forward Proxy section?
In the Server SSL Profile which certificate and key do we use? We need the LTM to perform MA with the server. Will this be a certificate generated on the LTM itself or do we need to import the cert + keys of the back end server and use those here?

Thank you.

514 Views, 0 likes, 9 Comments

SSL Intercept with F5 in L2 mode
I am looking for a deployment where I configure the same VLAN to the ports my client and server are connected to. I would like to intercept this traffic. Is this possible on F5? The current scenario explained in the F5 doc is to have self-ips for server and client vlans and route the traffic to the F5 using these IPs. Is anyone aware of a deployment without these self-ips and having client and server in the same vlan?

219 Views, 0 likes, 1 Comment