How SSL client connections diverted to the servers as HTTP (clear text) or HTTPS (SSL) according to the URI

Question

Hi&nbsp;
I know two basic modes for dealing HTTPS/SSL incoming client connections:&nbsp;

BIG-IP ends the SSL connection and send requests to the targer servers in "clear text" (HTTP).&nbsp;

BIG-IP is configured as passthrough. BIG-IP does not decrypt the SSL connection and SSL stream reach the target server. Target server has to encrypt/decrypt the SSL connnection stream.  &nbsp;

Is there any way (I mean an iRule) to select mode 1 or mode 2 according to the URI?&nbsp;
I guess there is no one -- unless BIG-IP ends client-side SSL and create a server-side SSL connection BUT then that will not be a genuine passtrough mode.  &nbsp;
Thanx in advance  &nbsp;

nathe · Answer

Damián,&nbsp;
As SSL transactions happens prior to HTTP then I would guess not.&nbsp;
In regards point 2 there is a (relatively) new feature called Proxy SSL which doesn't terminate traffic on the LTM, so is passthrough, but does then have visibility of the encryption key so it can inspect the traffic too i.e. where you might need to offload traffic to ASM.&nbsp;
Rgds&nbsp;
N&nbsp;

Forum Discussion

How SSL client connections diverted to the servers as HTTP (clear text) or HTTPS (SSL) according to the URI

1 Reply

Recent Discussions

SMS server with BIGIP

F5 terminal - help to run commands - disk space full

Can iRule be used to perform exception of IPI category based on Geolocation

[ASM] - what is "Browser Challange file" ?

LDAPS and renegotiation

Related Content

Irule for diverting blocked gelocation users to a page

Securely connecting Kubernetes Microservices with F5 Distributed Cloud

Divert Unencrypted Traffic through an IPS with Local Traffic Manager

Troubeshooting website connection

F5 Connection Mirroring question