Re-encrypt based on request

Question

Hello,&nbsp;
We are terminating SSL at the F5/VIP level..  However, I have some pages on my IIS server that need to see SSL in the request in order to work properly.  I do not want to re-encypt everything being sent to the pool member.&nbsp;
when HTTP_REQUEST {&nbsp;
  if {&nbsp;
         ([HTTP::uri] starts_with "/mysecureapp1") ||&nbsp;
         ([HTTP::uri] starts_with "/anothersecureapp2") &nbsp;
} then {&nbsp;
snat automap&nbsp;
pool  IIS_HTTPS_Pool     }&nbsp;
}&nbsp;
However I need to re-encrypt the request before it goes to the pool.  I have defined a client cert with the neeeded info but I am not sure how to re-ecrypt in the irule?&nbsp;
Suggestions welcomed... thanks!&nbsp;
- Alex&nbsp;

what_lies_bene1 · Answer

If you assign a ServerSSL profile to the VS you can use this; 
 
when HTTP_REQUEST {
 set use_ssl 0
 switch -glob [string tolower [HTTP::uri]] {
  "/mysecureapp1*" -
  "/anothersecureapp2*" {
   set use_ssl 1
   snat automap
   pool IIS_HTTPS_Pool }
  If HTTP uri is neither of the above, take the default action below
  default {
  set use_ssl 0
  pool something?
  snat something?
  }
 }
}

when SERVER_CONNECTED
 if { $use_ssl == 0 } {
  SSL::disable
 }
}

alexdemarco · Answer

Thanks!   I will give this a shot.&nbsp;

what_lies_bene1 · Answer

You're welcome. Post back if you have issues.

Forum Discussion

Re-encrypt based on request

3 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

SSL Full Proxy - SSL Re-Encryption performance degradation

F5 AWAF - bypass request based on the pressence of a request header - value

Distributed caching of authentication requests with NGINX Ingress Controller

Logging DNS Requests

iRule based RADIUS Client Stack