Forum Discussion

AlexS_yb's avatar
AlexS_yb
Icon for Cirrocumulus rankCirrocumulus
Aug 08, 2021
Solved

have ssl and non ssl pools (or pool members) for a VS

Hi

 

So I am migrating a nginx config over to F5. Some upstream end points are SSL and some are not.

 

So on my VS profile I have configured ssl (server), so by default all of my pool connections are SSL,

so default pool is ssl, no I add a irule to pull out specific uri and I want to send them to a different pool.

 

got the irule work and got the pool command working, but how do I tell it to no use ssl for this connection to this pool

 

 

  • You can use LTM policy or iRule to disable server SSL profile based on matching specific condition e.g. hostname. I would recommend you to use LTM policy for achieving this. While creating the LTM policy, you can match condition for the incoming request like hostname/URL/URI for which you want to disable server SSL and set disable server ssl action for it. After applying this LTM policy on the desired vServer, your requirement should be fulfilled.

     

    Hope it helps!

6 Replies

  • You can use LTM policy or iRule to disable server SSL profile based on matching specific condition e.g. hostname. I would recommend you to use LTM policy for achieving this. While creating the LTM policy, you can match condition for the incoming request like hostname/URL/URI for which you want to disable server SSL and set disable server ssl action for it. After applying this LTM policy on the desired vServer, your requirement should be fulfilled.

     

    Hope it helps!

    • AlexS_yb's avatar
      AlexS_yb
      Icon for Cirrocumulus rankCirrocumulus

      Okay why ltm over irule

       

      also so setting in policy is only for that request, interesting.

      thanks

  •  ,

     

    When it comes to comparing LTM policy with iRule, LTM policies are much faster when it comes to executing the traffic conditions.

    • AlexS_yb's avatar
      AlexS_yb
      Icon for Cirrocumulus rankCirrocumulus

      Good to know.

       

      So side question currently I have a irule for the http to https. should i be doing that in profile - is there one ?

  • Last add on question for this - how do I manage policies in BIG-IQ. i removed the irule for http to https and created the equivalent policy.

     

    I can re import my F5 instance into BIG-IQ -but can't find any place to edit / modify / create policies :(

     

  • Seem to be having some issue with doing this with websockets. the backend is non ssl . how to capture a websocket connection to turn the backend into non ssl