Site doesn't load while passing SSL traffic d to the web servers through F5.

Question

All,&nbsp;
We are in the process of removing the SSL offloading config from F5. When i remove client SSL configuration and allow F5 to pass HTTPS traffic directly to the apache server , the page doesn't load. Alternatively if i access a web server directly bypassing F5, HTTPS page loads without any issues. Please advise. &nbsp;

rob_carr · Answer

You might also need to remove the HTTP profile from the virtual server, if you had one assigned (not uncommon in SSL offload configurations).&nbsp;

rajaraman_12066 · Answer

Will F5 still forward http request after removing profile ?&nbsp;

rob_carr · Answer

Removing the HTTP profile will not prevent the BIG-IP from forwarding HTTP requests.  Since HTTPS traffic is encrypted, the BIG-IP is unable to see the HTTP requests and simply load-balances the TCP connections.

samir_jha_52506 · Answer

You need to enable default server profile with Https Vip. Hope It will work.&nbsp;

kevin_stewart · Answer

You need to enable default server profile with Https Vip&nbsp;

This is not entirely true. As Rob states, to allow SSL to flow through the box without offload, you need to remove BOTH client and server SSL profiles AND any layer 7 profiles (like HTTP) that may attempt to evaluate the unencrypted payload.&nbsp;

Forum Discussion

Site doesn't load while passing SSL traffic d to the web servers through F5.

5 Replies

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

fellow traffic

Block traffic

Passing Client CAC / Smart Card Cert to Application Server

high cpu usage independent from Traffic

iRule to log traffic details