Need Assistance with SSL Websockets

Question

I have two VIPS.  One VIP has port 80 and the same VIP also is configured for port 443.  Behind these VIPS are severs that run websockets.  I created an irule for the http that works but for the 443 it does not.  Suggestions?&nbsp;
irule applied to the http VIP&nbsp;
when HTTP_REQUEST { 
if { ([HTTP::uri] starts_with "/socket.io") } {
HTTP::disable
} 
}&nbsp;

jpv_131616 · Answer

did you enable http profile on 443 vip also?&nbsp;
if not it acts like a passthrough and the irule won't work...&nbsp;
thx&nbsp;

ron_130795 · Answer

Thanks JPV.  I do have 'http' enable on the http profile for the 443 VIP.

eric_st__john · Answer

Along with the http profile(which I assume you have configured based on the HTTP::disable command), you will be required to configure a clientssl and serverssl profile.  As the traffic passing through the BIG-IP is encrypted without those, you will not see the URI.&nbsp;
If you are running v11.4.0 or higher, you should not have to disable the http profile as the BIG-IP code should account for WebSocket traffic and disable it automatically.&nbsp;
SOL14754&nbsp;
Eric&nbsp;

ron_130795 · Answer

I have a clientssl, however can I use the default serverssl?&nbsp;

eric_st__john · Answer

You should be able to use the default serverssl, or serverssl-insecure-compatible.&nbsp;
Eric&nbsp;

Forum Discussion

Need Assistance with SSL Websockets

5 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

Port Group on F5OS network setting

Advise on setting up IRULE

F5 iRule to replace host to path

google-visualization-issues

Related Content

Load Balancing WebSockets

enable WebSocket profile.

Re: Welcome to the F5 BIG-IP Migration Assistant

Assistance with iRule using port ranges

iRule to assist with CVE-2022-22965 mitigation