Forum Discussion
spark_86682
Jun 18, 2008 (Historic F5 Account)
There's no direct way yet (it's coming, though), so the best you can do is an indirect way. If you're on v9.4.0 or above, you can use the virtual command to direct the decrypted traffic to a standard TCP virtual server where you can then use the usual TCP:: commands to inspect content and make load-balancing decisions. To elaborate, the virtual server that the client connects to will have a clientssl profile, and a very simple iRule that looks like:
    when CLIENT_ACCEPTED {
        # Traffic has already been decrypted by the clientssl profile;
        # hand the plaintext stream to the internal virtual server.
        virtual internal_virtual
    }
so that the decrypted traffic will be accessible on the "internal_virtual" server. Then, you create that new virtual server (here, named "internal_virtual") and you can just inspect the plaintext content in the usual TCP way:
    when CLIENT_ACCEPTED {
        # Buffer the first 100 bytes of (already decrypted) client data
        # before making a load-balancing decision.
        TCP::collect 100
    }
    when CLIENT_DATA {
        # Inspect the buffered plaintext and pick a pool.
        set payload [TCP::payload]
        if { $payload contains "magic" } {
            pool magic_pool
        } else {
            pool default_pool
        }
    }
If you're on some version before v9.4.0, then the only way to do it is an ugly hack that just simulates the above. If this is the situation you're in, and you can't upgrade, post back and I'll try to write up the instructions, because they're long and ugly.
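As an added example (not code from the post above), here is a fuller iRule for the plaintext "internal_virtual" server that goes a bit beyond the fixed 100-byte collect: it keeps buffering until the first line of the request is complete or a size cap is hit, then chooses a pool, logs the decision and releases the buffered bytes. The virtual and pool names, the "magic" match string and the 1024-byte cap are assumptions.

```tcl
# Added example, not from the original post. Runs on the internal virtual
# server that receives the decrypted stream via "virtual internal_virtual".
# Assumed names: pools magic_pool and default_pool; match string "magic".

when CLIENT_ACCEPTED {
    # Upper bound on how much plaintext we buffer before deciding,
    # so a client cannot make us hold an unbounded amount of data.
    set max_bytes 1024
    # Start collecting client data; CLIENT_DATA fires as bytes arrive.
    TCP::collect
}

when CLIENT_DATA {
    set payload [TCP::payload]
    set eol [string first "\n" $payload]

    if { $eol == -1 && [TCP::payload length] < $max_bytes } {
        # First line not complete yet and still under the cap:
        # keep collecting and wait for the next CLIENT_DATA event.
        TCP::collect
        return
    }

    # Decide on the first line only (or on the capped buffer if no
    # newline arrived), not on everything the client has sent.
    if { $eol == -1 } {
        set end [expr {$max_bytes - 1}]
    } else {
        set end $eol
    }
    set first_line [string range $payload 0 $end]

    if { [string match -nocase "*magic*" $first_line] } {
        set chosen magic_pool
    } else {
        set chosen default_pool
    }
    pool $chosen

    # One log line per connection helps when troubleshooting routing.
    log local0. "client [IP::client_addr] routed to pool $chosen"

    # Forward the buffered bytes to the server side and stop collecting.
    TCP::release
}
```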