SSL offload and HTTPs persistence

Question

Hi,
Currently i have HTTP clients accessing two Servers in a pool behind an F5. I need persistence towards the two Servers and im using a Persistence Profile with HTTP iRule . Now the customer wants to use HTTPS Clients towards the two Servers which will have HTTPS ports configured. As i want to keep persistence towards the two Servers i understand from reading other posts here that i need to offload SSL in F5 so decrypt, run HTTP Persistence iRule and then encrypt again. Am i correct in that thinking?  Im wondering about the way to implement this on F5. Both Servers will have the same SSL cert/key.  To make this work do i create a VS with type "standard" and then create a Client and Server SSL Profile using the SSL cert/key from the Servers?&nbsp;
As regards the iRule, do i need to modify the rule below replacing HTTP with HTTPS or leave it as is?&nbsp;

tom_phelan_3458 · Answer

This is the HTTP persistence rule im currently using:&nbsp;
when HTTP_RESPONSE {
    persist add uie $clientip
}
when HTTP_REQUEST {
    set clientip ""
    if { [HTTP::header exists "X-Forwarded-For"] } {
        set clientip [HTTP::header "X-Forwarded-For"]
    } else {
        set clientip [IP::client_addr]
    }
    persist uie $clientip
}&nbsp;

only1masterbla1 · Answer

You're heading in the right direction. Same iRule would work for http & https vips. Client side & server side SSL cert/key and profile settings may be different. You don't need to use the same SSL cert/key.

Forum Discussion

SSL offload and HTTPs persistence

2 Replies

Recent Discussions

Order of resource assignment when user assigned multiple network access resources

Maximum throughput of f5 ltm

F5 APM with OIDC Web Duo Prompt

F5 not sending traffic to Web pool

VPN fragmented IP packets dropped

Related Content

SSL Offload with HTTP/2.0

HTTPS offload rewriting

Persist using a string in an HTTP URI

HTTP To HTTPS Cookie Persistence

FTPS Offload via iRules