Bartek
Jul 12, 2019
Solved

remove "requires { http ssl-persistence }" from policy

Whenever I create a policy it adds its own, default configuration snippets in the config. The one that gives me trouble is: requires { http ssl-persistence } When the policy is created, but only...
  • Bartek
    Jul 14, 2019

    OK, so I actually got it, and learned a ton about policies in the process.

    The most important thing is that the policy assumes the http event if not told otherwise. In this case adding an "ssl-client-hello" after the forward action changed this assumption to the ssl event. This is also true for actions that (according to specs) have nothing to do with http - I guess something that F5 overlooked.

    But wait, there is more - there is no way at all to add the ssl-client-hello while preparing the policy in the GUI. You need to prepare it as far as possible and edit or modify the policy in TMSH (the latter is more elegant, but edit is easier and also does the job) to add the ssl-client-hello action. This automatically removes http from the aspect and leaves just the desired ssl-persistence, which as a result allows removing the unwanted http profile from the VIP.
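The end state described in the accepted answer, as an added example that is not part of the original thread and is not F5's own documentation: a policy stanza whose forward action names the ssl-client-hello event. The policy name, pool name, hostname and the SNI condition are hypothetical (the original question is truncated), and the `requires` line is shown as the post describes it after the change.

```tmsh
# Hypothetical policy name; the stanza layout follows "tmsh list ltm policy" output.
ltm policy sni_forward_policy {
    controls { forwarding }
    # Per the post: once every action and condition names an SSL event,
    # "http" drops out of this line and only ssl-persistence remains.
    requires { ssl-persistence }
    rules {
        forward_by_sni {
            actions {
                0 {
                    forward
                    # The event keyword the post says cannot be set in the GUI.
                    # Without it the action is treated as an http-event action,
                    # which is what pulls "http" into the requires line.
                    ssl-client-hello
                    select
                    pool example_pool        # hypothetical pool name
                }
            }
            conditions {
                0 {
                    # Assumed condition: match on the SNI server name,
                    # also evaluated at the ssl-client-hello event.
                    ssl-extension
                    ssl-client-hello
                    server-name
                    values { app.example.com }   # constructed hostname
                }
            }
        }
    }
    strategy first-match
}
```

The `#` lines are annotations for reading and should be dropped before the stanza is used in `tmsh edit`. After saving, `tmsh list ltm policy sni_forward_policy` shows whether `requires` still contains `http` before the http profile is removed from the virtual server.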