Forum Discussion

BaltoStar_12467's avatar
Oct 13, 2015

BIG-IP : disable SSL on request

F5 BIG-IP Virtual Edition v11.4.1 (Build 635.0) LTM on ESXi

Within an iRule, I know how to enable/disable SSL on a request to be routed :

pool pool-01
SSL::disable serverside
return

However, is it possible to accomplish same via a profile ?

  • Not in a profile, but definitely in an LTM policy. In the general properties of a policy, select whatever data point you need in the Requires section, and forwarding (for the pool) and server-ssl (to disable server side SSL) in the Controls section. Then build your rules accordingly.

     

  • As Kevin first suggested, Local traffic policies allow to replace most of irules. there is a bug in the 11.4 version, but is corrected in 11.5.

    You can start with the following workaround allowing to use Policies with a small irule doing which is impossible in policy. (iRule HTTP_REQUEST event occurs after Policy Request event)

    There is a workaround allowing to use Local traffic policies to disable SSL server side: create the rule action

    tcl variable
    named ssldisable with value 1

    add the following irule and assign it to the VS:

    when HTTP_REQUEST {
        if {([info exists "ssldisable"]) && $ssldisable } {
            SSL::disable serverside
        }
    }
    

    When you will upgrade to 11.5, you only have to replace the

    set variable
    action by
    server-ssl disable