Modify HTTP Request to Clone Pool

Question

We've been talking about this a bit internally but I thought I'd see if anyone on DC had any additional thoughts.

Situation - You must send traffic to your pool members over SSL while sending clear-text to your IDS. This is easy enough using the "virtual" command where your clone pool is attached to the first virtual (just client SSL profile) and your default pool is attached to your second virtual (listens on port 80, just has server ssl profile to encrypt traffic to pool.

Challenge - People post login credentials to your site and you don't want your IDS to see them as they'll be in clear-text. You still want to see the POST, but without a certain string of characters. You obviously need the original request to be sent to your default pool though so users are able to login.

michael_yates · Answer

That's an interesting challenge. 
&nbsp;  
&nbsp; Traffic to a Clone Pool is supposed to be an exact copy of what is sent to the Target Servers and an exact copy of the response from the Target Servers back to the client by sending the traffic to two MAC Addresses rather than one. 
&nbsp;  
&nbsp; I'm not sure that you can change one without affecting the other. 
&nbsp;  
&nbsp; If you don't get any leads here and open up a case can you post their response in this thread?

Forum Discussion

Modify HTTP Request to Clone Pool

1 Reply

Recent Discussions

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Related Content

HTTP request cloning

Clone Pools

Clone Pool Across L3

iRule to modify a content-security-policy header

Logging DNS Requests