Forum Discussion

LLFF_53640's avatar
LLFF_53640
Icon for Nimbostratus rankNimbostratus
Jun 03, 2010

Interact with HTTPS VS / HTTPS Node for HTTP profile and log

Hi all, It can be really good if you can help me with the solution I want to try on a BigIP LTM. Is it possible to inspect the HTTP traffic of an HTTPS request (on a VS with client SSL) when the node is also in HTTPS (server SSL) ? The first goal is to make some stats (using SNMP ?), and the second one (if possible) is to apply an HTTP profile on the VS ... Thanks in advance, LLFF.

4 Replies

  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus
    Absolutely.

     

     

    The iRules run between the two SSL profiles. So they 'see' cleartext data streams in both directions. You don't need to do anything special, the exact same iRules will run for both HTTPS and HTTP connections when using SSL profiles (Client and Server).

     

     

    (This assumes you have the HTTP profile set on the iRule of course, otherwise the [HTTP::xx] commands aren't available).

     

     

    H
  • Thanks a lot ! This is really clear.

     

     

    Could you please give me an example of a simple Irule ? (I'm a real newbie !)

     

     

    What I want to do :

     

    - request (VS with Client SSL and certificate on the BigIP) : https://secure.mydomain1.com

     

    - node (with Server SSL and no certificate (acting like a web browser ?)) : https://notreallysecure.mydomain2.com

     

    - HTTP profile applied (caching, compression),

     

    - SNMP Trap (for Active Connections for example).

     

     

    Many thanks,

     

    LLFF

     

  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus
    Hey no problem. Everyone is a newbie somewhere at some time.

     

     

    Rather than posting iRules here, checkout the iRule codeshare on devcentral. Have a look under the 'Download' -> 'CodeShare' section of the site (see the menu at the top of the page under the F5 logo). You'll find an absolute truckload of iRules in there.

     

     

    For SNMP traps, checkout the advanced configuration or logging and monitoring forums/groups on devcentral.

     

     

    H