SSL offload in APM

Question

I have a Virtual Server with both client and server SSL Profiles.&nbsp;
I have an APM policy to choose the correct pool according to land uri&nbsp;
some applications on the backend work with HTTPS and some work HTTP&nbsp;
HTTPS applications works good but HTTP application fail to load and I get "The page can't be displayed"&nbsp;
I have added this iRule to the virtual server to SSL Offload:&nbsp;
Code
when ACCESS_POLICY_COMPLETED {
set mylandinguri [ACCESS::session data get "session.server.landinguri"] 
if {$mylandinguri == "/something"} {
    node 10.10.10.10 80
    SSL::disable serverside
    log local0. "&gt;&gt;&gt; $mylandinguri !!! NO SSL !!! &lt;&lt;&lt;"
}

}

Now, when I try to get to that HTTP application, I still get "The page can't be displayed"&nbsp;
And this is what I get in the LTM log file:&nbsp;
Code
Rule /Common/APM-ssl-offload : &gt;&gt;&gt; /something !!! NO SSL !!! &lt;&lt;&lt;
Connection error: ssl_null_parse:3109: record length too large (22)

So, I can see the iRule is fired up and SSL Offload does not occur.&nbsp;
&nbsp;&nbsp;
Can you help?&nbsp;&nbsp;
Regards,&nbsp;
Noam.&nbsp;

keesvandenbos · Answer

Hi,
Could you try this.
when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/something"} {
        node 10.10.10.10 80
        SSL::disable serverside
        log local0. "&gt;&gt;&gt; [HTTP::uri] !!! NO SSL !!! &lt;&lt;&lt;"
        }

}

Cheers,
Kees

Forum Discussion

SSL offload in APM

1 Reply

Recent Discussions

Issue on license renewal

Viprion files on blades.

redirect not working

active/active Support Declarative Onboarding

Reliable resources for identifying IP addresses

Related Content

SSL Offload with HTTP/2.0

SSL Offloading for specific IPs or range of IPs

F5 BIG-IP Access Policy Manager (APM) Identity-based steering with SSL Orchestrator (SSLO)

F5 Synthesis: Hybrid SSL Offload

HTTPS offload rewriting