Any iRules that acts as Virtual Server for By-Pass Cert

Question

F5 APM with SWG module, so this F5 acts as Proxy and Intercept Cert.
I have a problem about intercept certificate some website cannot use it, then I solved that problem by create the new virtual machine and fixed the destination of each website's IP. (nslookup)
But I think it's not a good solution, because If some website occurs like this problem more, I have to add more virtual server. So I try to use iRules to by-pass the destination by using iRules.
when CLIENT_ACCEPTED {
if { [ IP::Addr [IP::local_addr] equals "xxx.xxx.xxx.xxx" ] } {
SSL::disable
} 
}

But it's did not work, please could you suggest me for the iRules command.

stanislas_piro2 · Answer

if you disable SSL on client side you also have to :
disable SSL on server sidedisable any L7 profile decoding inner protocol
you can try this:
when CLIENT_ACCEPTED {
    if { [ IP::Addr [IP::local_addr] equals "xxx.xxx.xxx.xxx" ] } {
        ACCESS::disable
        HTTP::disable
        SSL::disable clientside
        SSL::disable serverside
    } 
}

Forum Discussion

Any iRules that acts as Virtual Server for By-Pass Cert

1 Reply

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

Best way to pass http header by iRule containing Client TLS information

Integrating SSL Orchestrator with Fortinet FortiGate Virtual Edition as a Virtual Wire

Quick Optimizations for F5 BIG-IP Virtual Edition

Use BIG-IP LTM Virtual Server & iRule for an internal "What's My IP" website

Virtual Server graphical App for F5 LTM