Fields available for lbs decision of https encrpted traffic

Question

We do not use the F5 to terminate SSL but rather do this on the Webservers.  This is creating a problem because I can not make a load balancing decision based on URI path because the traffic is encrypted.  My question is:  are there any alternatives on how we could make Lbs pool decisions with out using the F5 to terminate the SSL session first? 
&nbsp;  
&nbsp; Basically what fields are available in an Https encrypted traffic that I could use to make a lbs decision? 
&nbsp;  
&nbsp; I was thinking that the host name could be a possiblity but was not for sure.  Any ideas? 
&nbsp;  
&nbsp;  
&nbsp;

dennypayne · Answer

Without terminating you are pretty much stuck with TCP headers.  You can't invoke the HTTP_REQUEST event in an iRule to do any decision making on an http element if you don't use an http profile, which requires that you decrypt first.  So there's no way to use the hostname either ([HTTP::host] being the operator that you would need). 
&nbsp;  
&nbsp; So basically, without terminating SSL you only have the layer 4 info to make a decision with. 
&nbsp;  
&nbsp; Denny

Forum Discussion

Fields available for lbs decision of https encrpted traffic

1 Reply

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

Port Group on F5OS network setting

Advise on setting up IRULE

F5 iRule to replace host to path

google-visualization-issues

Related Content

Getting Started with BIG-IP Next: Configuring Instance High Availability

Load balancing method specific decision

Decision box design using js

Silverline DDoS capabilities are now available in F5 Distributed Cloud

High Availability in a Bare Metal World