Forum Discussion

T_Rajneesh's avatar
T_Rajneesh
Icon for Nimbostratus rankNimbostratus
Jun 27, 2019

Query on http profile in Virtual Server.

hi,

just to give background, Presently the Virtual server is listening on port 443 and HTTP profile - none selected.

 

I wanted to block particular string in url. I need to apply this i-rule to this Virtual server but i know HTTP profile need to be enabled in order for i-rule to apply to Virtual Server.

 

Question here is : what is the impact if i enable HTTP profile for virtual server ? Does it alter the exiting properties of Virtual server other than reading i-rule or any other performance issues?

I believe, when HTTP profile is enabled for VS, it will allow F5 to read the http content to process the i-rule but what else will get effected apart from i-rule getting processed.

 

Thanks in advance.

 

Regards,

Rajneesh

 

application delivery
iRules
LTM

3 Replies

Sort By
    • T_Rajneesh's avatar
      T_Rajneesh
      Icon for Nimbostratus rankNimbostratus
      Jun 27, 2019
      Thank you for your response. I knew it but my question is about impact or performance? I have backend Oracle servers...presently VS is accessed using 443 & no i-rule & don't have http profile applied. Now I need to apply i-rule to block certain strings inburl..for which I need to enable http profile..what is impact it has on existing traffic?
  • David_M's avatar
    David_M
    Icon for Cirrostratus rankCirrostratus
    Sep 04, 2019

    If you add an http profile to a VIP on 443 then you must also add a client ssl profile.

     

    This puts your bigip in a MITM mode means it can decrypt the encrypted packets.

     

    Depending on your backend you might have to use a serverssl profile too if the backend is on 443 as well, which I am guessing it is because when you create a VIP on 443 without a http profile, its acting as a SSL bridge with your backend server which also needs to be on 443. Means your bigip cannot see the encrypted data.