Jonathon_Page
Jan 20, 2017 (Nimbostratus)
HTTPS LTM iRule for overloading a VIP - HTTPS web server internally not encrypting
Hi, I've used the articles on here to create a single VIP with an iRule to switch pools using the URL::host value. This has been working great for internal services that are HTTP.
I'm trying to deploy one that is HTTPS internally, and no matter what I try I can't seem to get the F5 and the web server to establish a TLS handshake. I've tried SSL server profiles, I've tried adding SSL::enable server commands, and the web server gets a clear text GET request on port 443.
    when HTTP_REQUEST {
        log local0. "client=[IP::client_addr]:[TCP::client_port] host=[HTTP::host] uri=[HTTP::uri]"
        # The host is lower-cased before matching, so every pattern below must be lower case
        switch [string tolower [HTTP::host]] {
            "server1" {
                switch -glob -- [string tolower [HTTP::uri]] {
                    "/stuff?*" { pool pool_Srv1 }
                    default { reject }
                }
            }
            "server2" {
                switch -glob -- [string tolower [HTTP::uri]] {
                    "/psp/*" -
                    "/favicon.ico" { pool pool_Srv2 }
                    "/" { HTTP::respond 302 Location "http://MainpageOnOtherServer" }
                    "/apple-touch*" { reject }
                    default { reject }
                }
            }
            "newserver" {
                log local0. "Is [HTTP::host] uri=[HTTP::uri]"
                HTTP::header insert "X-Forwarded-Proto" "https"
                pool pool_NewSrv
            }
            default {
                reject
            }
        }
    }
    when SERVER_CONNECTED {
        # Attempt to turn server-side TLS on only for the HTTPS pool
        switch [LB::server pool] {
            pool_NewSrv {
                SSL::enable serverside
                SSL::profile InternalTLS
            }
            default {
                SSL::disable serverside
            }
        }
    }
Any suggestions would be greatly appreciated.
Thanks
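One way to confirm the symptom described in the post from the pool member's side, as an added example that is not part of the original post: a small Python check that reports whether a new connection opens with a TLS ClientHello or a plaintext HTTP request. The function names, the sample bytes and the idea of running `watch` on a spare test port of the pool member are assumptions made for illustration.

```python
import re
import socket
import struct

# Request line of a plaintext HTTP/1.x request, e.g. b"GET / HTTP/1.1\r\n"
HTTP_LINE = re.compile(rb"^[A-Z]{3,7} \S+ HTTP/1\.[01]\r\n")

def classify_first_bytes(data: bytes) -> str:
    """Say what the peer (here, the load balancer) opened the connection with."""
    # TLS record header: type(1) version(2) length(2); the handshake type follows.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        (record_len,) = struct.unpack("!H", data[3:5])
        if data[5] == 0x01 and 4 <= record_len <= 16384:
            return "tls-client-hello"
        return "tls-handshake-other"
    if HTTP_LINE.match(data):
        return "cleartext-http"
    return "unknown"

def watch(port: int, connections: int = 1, host: str = "0.0.0.0") -> list:
    """Accept `connections` TCP connections and classify each one's first bytes."""
    results = []
    with socket.create_server((host, port)) as srv:
        for _ in range(connections):
            conn, peer = srv.accept()
            with conn:
                conn.settimeout(5)
                try:
                    first = conn.recv(4096)
                except socket.timeout:
                    first = b""
                results.append((peer[0], classify_first_bytes(first)))
    return results

# Constructed samples (not captured traffic).
SAMPLE_CLEARTEXT = b"GET /index.html HTTP/1.1\r\nHost: newserver\r\n\r\n"
# Record header (len 47) + ClientHello header (len 43) + version, zero-padded body
SAMPLE_CLIENT_HELLO = bytes.fromhex("160301002f0100002b0303") + bytes(41)

if __name__ == "__main__":
    for name, blob in (("cleartext", SAMPLE_CLEARTEXT), ("hello", SAMPLE_CLIENT_HELLO)):
        print(name, "->", classify_first_bytes(blob))
```

A result of `cleartext-http` on a port that should carry TLS matches what the post describes: the server side of the connection is not being encrypted.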