Set Server SSL Profile Based on URI
Hi all We have a need to set a specific Server SSL Profile based on the requested URI for a HTTPS VS. I have searched around and there appear to a number of example iRules that could/should do the trick but I seem to be failing. I have concocted this little gem based on an almagamation on my findings, however, it does not seem to work: when HTTP_REQUEST { set uri [HTTP::uri] } when SERVER_CONNECTED { if {$uri equals "/uri1" } { SSL::profile SERVER-SSL-1 } elseif {$uri equals "/uri2" } { SSL::profile SERVER-SSL-2 } } I feel I'm probably missing something fundamental here. Any clues would be really helpful. I have applied the default Server SSL profile to the VS as I believe this is required for SSL profile switching. Thank you.
Disable ECDHE Cipher Suite for Server Side SSL Profile
Hi, We have deployed Imperva WAF in transparent bridge mode between our F5 load balancers and Web Servers. In order to perform SSL Decryption, we need to disable certain Cipher Suites including ECHDE and EDH. I have configured the following below but am still getting warnings on the WAF that cipher ** TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA** cannot be decrypted. Current SSL Server Profile: ** DEFAULT:!SSLv3:!ECDHE:!EDH ** What else is missing in order to disable cipher ** TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ** ? Thanks for your help!LTM HTTPS and HTTP internal with policy and SSL server profile enabled
Dear All, I am wondering if it is possible to combine HTTP and HTTPS traffic internally using only one virtual server, for example; Virtual server App.domain.com:443 with a LTM policy enabled to forward traffic Internally forward app.domain.com/shop with HTTP to server 1 unencrypted Internally forward app.domain.com/products with HTTPS to server 2 encrypted Reading the documentation about the SSL server profile enabled all traffic will be encrypted towards the internal servers. It would be very convenient to add this feature within a LTM policy to be able to forward traffic using HTTPS and HTTP combined using one virtual server and one LTM policy. Is there a possible way to accomplish this in LTM?