Forum Discussion

Jun 16, 2015

Can SSL bridging be configured by iRule only (without server SSL profile)

I have a customer that is requesting to have some traffic with specific URIs redirected to an external site while the rest of the traffic is sent to local servers that are listening on port 80. The customer wants the redirected traffic to be HTTPS. Is there an iRule that can control which traffic is HTTPS and which is not? I am afraid that if I enable the server SSL profile, it will cause issues with the local traffic (which is HTTP only). Any help would be appreciated.

Thanks

6 Replies

  • I would need a more complete description to answer definitively, but it is possible to support ssl and non-ssl traffic on a single virtual with an iRule. It has been a while, but I seem to recall an option in the ssl profile to allow non-ssl traffic as well.
  • I currently have a website ( that resolves to a VIP on port 80 only and it load-balances to a server pool in our Datacenter.

    When the user types this URL ( with a specific URI (/careers/jobs), the customer wants that traffic to reverse proxy back out to an externally hosted site (

    The customer wants the original URL (www.abc.com/careers/jobs) to remain in the browser and also any links to ( on the hosted site to show ( when the cursor hovers over it.

    Also, the customer wants this specific traffic to be HTTPS from the user to the F5 and from the F5 to the hosted site (

    Another thing, the hosted site is using dynamic IP addresses so I will need to configure this using the hostname ( instead of a pool (with IP addresses in it).

    I need to do all of this without messing with the port 80 traffic of the normal website.

    This is being done on an older F5 running 10.0.1 software.

    This is what I have done so far.

    I created a port 443 version of the same VIP.

    I created an iRule to redirect any traffic with the URI (careers/jobs) to the HTTPS VIP and applied it to the port 80 VIP.

    On the HTTPS VIP, I am still working on an iRule to redirect the traffic while keeping the original URL and modifying the links on the hosted site. Also, I am trying to figure out how to use a hostname instead of a pool.

    Any help would be appreciated.

    Thanks

  • Well this can be done with an iRule, but from a security perspective, why wouldn't you just push all traffic to SSL in the first place?

  • This project is currently for the redirection of specific traffic to the external site. Converting the local site to HTTPS will have to be done on a different project since the current servers are not configured to support SSL. This is what I have so far.

    On the SSL VIP, I created a stream profile to modify the links on the hosted site.

    profile stream test-staging-stream { target "@"

    This is the iRule that I currently have for redirecting the traffic to an external site.

    rule abc-xyz-redirect4 {
       when CLIENT_ACCEPTED {
          # Remember the pool attached to the virtual so the default branch can restore it
          set default_pool [LB::server pool]
       }
       when HTTP_REQUEST priority 100 {
          switch -glob [string tolower [HTTP::uri]] {
             "/careers/jobs*" {
                # string map matches literal text, not globs, so strip the literal prefix;
                # URI::path gives the directory part and URI::basename the file part
                set path [string map -nocase {"/careers/jobs" ""} [URI::path [HTTP::uri]][URI::basename [HTTP::uri]]]
                if { $path eq "" } {
                   set path "/"
                }
                set qry_location [string first "?" [HTTP::uri]]
                if { $qry_location > 0 } {
                   set qry [string range [HTTP::uri] $qry_location end]
                } else {
                   set qry ""
                }
                # Rewrite the request line once; HTTP::uri covers path and query together
                HTTP::uri ${path}${qry}
                log local0. "10>>being redirected to $path"
             }
             default {
                log local0. "-->[HTTP::uri] $default_pool"
                pool $default_pool
                return
             }
          }
          HTTP::header replace Host "www.xyz.com"
          pool www.xyz.com-ssl
       }
       when HTTP_REQUEST priority 200 {
          log local0. "25>>Outgoing path  [HTTP::uri]"
       }
    }

    This is the pool config:

    pool www.xyz.com-ssl {
       action on svcdown reselect
       monitor all https
       members xx.xx.xx.xx:https {}
    }

    This is the current VIP config

    virtual test.abc.com-ssl {
       snat automap
       pool www.xyz.com-ssl
       destination xx.xx.xx.xx:https
       ip protocol tcp
       rules abc-xyz-redirect4
       profiles {
          abc-TCP-Optimized {}
          abc_Compression {}
          serverssl {
             serverside
          }
          test-staging-stream {}
          wildcard.abc.com-new {
             clientside
          }
       }
    }
    

    I still need to figure out how to use hostname/DNS lookup instead of the normal pool.

    Thanks.

  • Converting the local site to HTTPS will have to be done on a different project since the current servers are not configured to support SSL. This is what i have so far.

    You know you can use SSL Offloading with the BIG-IPs. This will not require the backend servers to be configured with SSL support...

  • Yes. I understand that but since this current project requires SSL from the user to the F5 and from the F5 to the external site, I would need to enable the server SSL profile for SSL bridging to the external site. Once I turn this on, the backend servers would be marked down since they don't have an SSL cert. This is where I am running into an issue. The local servers are port 80 and the external site is 443 and they share the same VIP. This is why I am keeping the local port 80 servers on the port 80 VIP and having an iRule to force the HTTPS to the port 443 VIP which will be configured for SSL bridging.
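The single-virtual approach the first reply mentions, written out as an added example that is not from this thread: one virtual carries both the client SSL and server SSL profiles, and the iRule decides per connection whether the server side is re-encrypted, resolves the hosted site by name instead of a static pool, and rewrites its links on the way back. The DNS server address, the hostnames, and the availability of SSL::disable/enable serverside and RESOLV::lookup on v10.0.1 are assumptions.

```tcl
# Added example, not from the thread. Assumes a client SSL profile, a server SSL
# profile, a OneConnect profile and a stream profile with an empty target are
# attached to the virtual, and that SSL::disable/enable serverside and
# RESOLV::lookup exist on the BIG-IP version in use (verify for v10.0.1).
# 10.0.0.53 and the hostnames below are placeholders.
when CLIENT_ACCEPTED {
   # Pool attached to the virtual: the plain-HTTP local servers on port 80
   set default_pool [LB::server pool]
}
when HTTP_REQUEST {
   set to_external 0
   if { [string tolower [HTTP::path]] starts_with "/careers/jobs" } {
      set to_external 1
      # /careers/jobs/foo?x=1 is sent to the hosted site as /foo?x=1
      set newpath [string range [HTTP::path] [string length "/careers/jobs"] end]
      if { $newpath eq "" } { set newpath "/" }
      HTTP::path $newpath
      HTTP::header replace Host "www.xyz.com"
      # Hosted site has changing addresses: resolve the name instead of using a static pool
      set addrs [RESOLV::lookup @10.0.0.53 -a "www.xyz.com"]
      if { [llength $addrs] == 0 } {
         log local0. "DNS lookup for www.xyz.com failed"
         HTTP::respond 502 content "upstream unavailable"
         return
      }
      node [lindex $addrs 0] 443
      # Ask for an uncompressed body so the stream profile can rewrite the links
      HTTP::header remove Accept-Encoding
   } else {
      pool $default_pool
   }
}
when LB_SELECTED {
   # Server-side SSL is per connection: encrypt only toward the 443 member, leave port 80 plain
   if { [LB::server port] == 443 } {
      SSL::enable serverside
   } else {
      SSL::disable serverside
   }
}
when HTTP_RESPONSE {
   if { [info exists to_external] && $to_external && [HTTP::header Content-Type] contains "text/html" } {
      # Keep www.abc.com in the browser: rewrite hosted-site links in the returned HTML
      STREAM::expression {@https://www.xyz.com/@https://www.abc.com/careers/jobs/@}
      STREAM::enable
   } else {
      STREAM::disable
   }
}
```

A request can only set the server-side SSL state of the connection it opens, so the OneConnect profile assumed above is what lets one client connection alternate between the port 80 pool and the HTTPS node. The local pool keeps its own HTTP monitor, so attaching the server SSL profile to the virtual does not by itself change how those members are monitored.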