irule with ProxySSL feature enabled is not worling

Question

Hi,
I understand that all SSL events are disabled when ProxySSL feature is enable in ssl profiles (client and server).
Other question is, is it possible to make irule to send to different pools based on user agent? I tried to log user agent into HTTP_REQUEST event and I can obviously see it. When I try to send to pool If user agent match e condition it seems it does not work, is it correct?
Someone know if it is possible to redirect traffic to diffente pools based on user agent (or something else) when using ProxySSL feature?
What kind of event and irules can I use when ProxySSL enabled? So, what can I do when this feature is enabled?
Thanks a lot
Elena&nbsp;

arnaud_lemaire · Answer

Hello Elena,
it doesn't surprise me, proxySSL is transparent to the SSL session establishment between client and back end server. The SSL connection is negociated directly by endpoints, and the bigip just come into play after that. This means that when you arrive at the l7 proxy for HTTP, you already have established opend ssl session between client and backend. We may eventually find a way  to switch to another server with exactly the same SSL keys/cert but that would be a requierement i guess. &nbsp;

Forum Discussion

irule with ProxySSL feature enabled is not worling

1 Reply

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

DevCentral's Featured Member for February - Edouard Zorrilla

DevCentral's Featured Member for April - Mihai Cziraki

DevCentral's Featured Member for March - Thomas Dahlmann

Introducing Secure MCN features on F5 Distributed Cloud

Exploring F5OS automation features on VELOS