external pool member

Hi all,

Just wondering if I am thinking right on a solution...

Basically the request is for a VIP to SSL offload requests and if the URI contains a certain link "/testdev/" then pass to a pool called testdev. This pool is to contain one pool member, but it is a public node. The comms from the F5 to the external pool member is fine, but what is complicating things is that the external pool member is a https site.

My thinking is that my iRule which redirects if the URI contains /testdev/ has to be forwarded to a new VIP which is using the testdev pool with the public pool member as the backend and the public website cert as the server SSL attached to the new VIP.

Hope that makes sense on what I am trying to achieve.

Thanks.

P.s. Redirect is not an option on request of the solution.


Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

If I am understanding correctly you should be able to achieve the desired behavior using a local traffic policy. I tested this on v13.0.
Config: HTTPS VS with http, clientssl, and serverssl profiles, default http pool, local traffic policy assigned.
Local traffic policy logic: if URI contains /somepath/ then enable serverssl and forward to https pool, else disable server ssl and send traffic to VS default http pool.

Policy rule 1: [image not available]

Policy rule 2: [image not available]

Comments on this Answer
Comment made 23-May-2018 by Markie Parkie 4

Hi,

Thanks for the info.. I was looking at that idea, but for the server ssl profile you need the cert and the key, whereas I can only get hold of the cert.

Never been able to get policies working either, I never get hits on the stats even when I have a catch all on the match condition.

The server that will be in the https_pool is an external member to the business so a public IP.

Thanks..

Comment made 24-May-2018 by G. Scott Harris 1648

You're welcome. Are you doing mutual authentication then with the serverssl profile? Otherwise there's no cert/key required.

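The policy logic described in the accepted answer, written as an iRule. This is an added example, not code from the thread. It assumes the virtual server has the http, clientssl and serverssl profiles attached, that the pool `testdev` from the question holds the external HTTPS member, and that the default HTTP pool has the hypothetical name `http_default_pool`.

```tcl
# Added example, not from the thread.
# "testdev" is the pool named in the question; "http_default_pool" is a
# hypothetical name for the virtual server's default HTTP pool.
when HTTP_REQUEST {
    # Match on the path only, so a query string cannot affect the decision.
    if { [HTTP::path] contains "/testdev/" } {
        # External HTTPS member: re-encrypt on the server side.
        SSL::enable serverside
        pool testdev
    } else {
        # Internal HTTP members: send plaintext to the default pool.
        SSL::disable serverside
        pool http_default_pool
    }
}
```

A server SSL profile's Server Certificate setting defaults to ignore, so the external member's certificate is not validated unless the profile is given a trusted CA bundle and that setting is changed to require.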