Forum Discussion

Jonathan_30755
May 24, 2012

Streaming SSL Termination

I'm having an issue with a streaming profile. Currently the profile was created for SSL Termination. With the source being HTTP: and the destination being HTTPS: . The issue is that it re-writes everything in the stream, not always a bad thing. However, it re-writes things that I don't want it to. Is there a way I can have an iRule that will only re-write for let's say *.domain.* and ignore everything else?

3 Replies

  • The iRule can specify if the stream is disabled or enabled using the STREAM::disable and STREAM::enable commands. So based on pretty much any condition you need to you turn this off or on.

    Typically you would use STREAM::disable, STREAM::expression to set your expression then STREAM::enable when you want it to run.

    See the wiki page on these commands for an example https://devcentral.f5.com/wiki/iRules.stream__enable.ashx

    Kevin
  • can you use wildcard only in front of FQDN?

    [root@ve1024:Active] config  b virtual bar list
    virtual bar {
       snat automap
       pool foo
       destination 172.28.19.79:80
       ip protocol 6
       rules myrule
       profiles {
          http {}
          stream {}
          tcp {}
       }
    }
    [root@ve1024:Active] config  b pool foo list
    pool foo {
       members 200.200.200.101:80 {}
    }
    [root@ve1024:Active] config  b rule myrule list
    rule myrule {
       when HTTP_REQUEST {
       STREAM::disable
    }
    when HTTP_RESPONSE {
       if {[HTTP::header value Content-Type] contains "text"}{
          STREAM::expression {@http://[^.]*?\.domain\.com@@ @http://[^.]*?\.domain\.net@@}
          STREAM::enable
       }
    }
    when STREAM_MATCHED {
       STREAM::replace "[string map {http:// https://} [STREAM::match]]"
    }
    }
    
     original content
    
    [root@ve1024:Active] config  curl http://200.200.200.101/test.html
    ...
    http://www.domain.com/something
    http://www.google.com/something
    http://www.domain.net/something
    http://sub.domain.com/something
    http://www.yahoo.com/something
    ...
    
     replaced content
    
    [root@ve1024:Active] config  curl http://172.28.19.79/test.html
    ...
    https://www.domain.com/something
    http://www.google.com/something
    https://www.domain.net/something
    https://sub.domain.com/something
    http://www.yahoo.com/something
    ...
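
Added example (not part of the thread and not F5 code): a Python check of the two patterns from the STREAM::expression above, run against the post's five URLs plus constructed edge cases, to show which links the rule leaves as http:// and which it rewrites unexpectedly. It assumes Python's `re` matches these patterns the same way the stream profile does; `rewrite`, `classify` and `SAMPLE` are names made up for this sketch.

```python
import re

# Patterns copied from the STREAM::expression in the reply above.
# Assumption: Python's `re` treats them the same way the stream profile does.
PATTERNS = [r"http://[^.]*?\.domain\.com", r"http://[^.]*?\.domain\.net"]
EXPR = re.compile("|".join(PATTERNS))


def rewrite(body: str) -> str:
    """Mimic STREAM_MATCHED: upgrade the scheme only inside each match."""
    return EXPR.sub(lambda m: m.group(0).replace("http://", "https://"), body)


def classify(urls):
    """Return {url: True if the expression rewrites it}."""
    return {u: rewrite(u) != u for u in urls}


# Constructed sample: the five URLs from the post, then edge cases.
SAMPLE = [
    "http://www.domain.com/something",
    "http://www.google.com/something",
    "http://www.domain.net/something",
    "http://sub.domain.com/something",
    "http://www.yahoo.com/something",
    "http://domain.com/something",            # apex: no label + dot before "domain"
    "http://a.b.domain.com/something",        # two labels: [^.] cannot cross a dot
    "http://www.domain.org/something",        # TLD not listed in the expression
    "http://localhost/go?next=x.domain.com",  # [^.] also matches '/', '?' and '='
    "http://www.domain.com.example.org/x",    # match is not anchored at the host end
]

if __name__ == "__main__":
    for url, changed in classify(SAMPLE).items():
        print(f"{'rewritten' if changed else 'untouched'}  {rewrite(url)}")
```

The apex, nested-subdomain and other-TLD links stay on http://, while the last two are rewritten even though their host is not under domain.com.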