Forum Discussion
change https port on server side / multi SSL profile, SNI/ https from client to F5 and from F5 to server
Hello
I have only one free IP address, and I will use several HTTPS hosts. It works fine with several SSL profiles (one certificate/key per profile) and the SNI default option on.
We use HTTPS from client to F5 and from F5 to server.
But now I would like to use different ports on the server side:
    www.site1.fr:443 -> www.site.fr:8443
    www.site2.fr:443 -> www.site.fr:9443
    www.site3.fr:443 -> www.site.fr:10443
I use this, but it doesn't work:

    when HTTP_REQUEST {
        if { [HTTP::host] equals "www.site1.fr" } {
            HTTP::redirect "[HTTP::uri]"
        }
        if { [HTTP::host] equals "www.site.fr" } {
            HTTP::redirect "[HTTP::uri]"
        }
        if { [HTTP::host] equals "www.site3.fr" } {
            HTTP::redirect "[HTTP::uri]"
        }
    }
I also checked something like this, but it doesn't work either:

    when HTTP_REQUEST {
        switch -glob [string tolower [HTTP::host]] {
            "www.site1.fr" { HTTP::header replace host "www.site.fr:8443" }
            "www.site2.fr" { HTTP::header replace host "" }
            "www.site3.fr" { HTTP::header replace host "www.site.fr:10443" }
        }
    }
Where is the problem?
6 Replies
- Kevin_Stewart
Employee
In your first iRule you're using a redirect, which sends a response to the client telling it to come back to the specified URL. You're specifying URLs with the backend ports, so your VIP isn't going to be listening for these.
In your second iRule you're just changing the Host header in the request, which does not change the physical port.
I'd recommend that you create a separate pool for each application. Example:
    site1_pool = server IP(s):8443
    site2_pool = server IP(s):9443
    site3_pool = server IP(s):10443

Then in your iRule switch between the pools based on the requested Host:

    when HTTP_REQUEST {
        switch [string tolower [HTTP::host]] {
            "www.site1.com" { pool site1_pool }
            "www.site2.com" { pool site2_pool }
            "www.site3.com" { pool site3_pool }
        }
    }

By the way, you can do all of this in LTM policies instead of iRules.
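A variant of the pool-selection iRule above, as an added example that is not part of the original reply: it strips any port from the Host header before matching and rejects requests whose Host matches no entry instead of sending them to a pool. Hostnames and pool names are the ones from the reply; the pools are assumed to exist already with members on 8443, 9443 and 10443.

```tcl
# Added example, not from the thread. Hostnames and pool names come from
# the reply above; the pools are assumed to be defined already.
when HTTP_REQUEST {
    # The Host header may carry a port ("www.site1.com:443"). Keep only the
    # name and lowercase it so matching does not depend on client formatting.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    switch -- $host {
        "www.site1.com" { pool site1_pool }
        "www.site2.com" { pool site2_pool }
        "www.site3.com" { pool site3_pool }
        default {
            # Unknown or empty Host, including requests sent to the bare
            # VIP address: log and drop rather than pick a backend.
            log local0.warning "No pool for Host '$host' from [IP::client_addr]"
            reject
        }
    }
}
```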
- carrayroud_1356
Nimbostratus
Thanks Kevin
I will check that on my LTM VE 11.3; LTM policies are only supported in the next version.
I also need to change the host name depending on the source IP address.
With an internal IP address we must use Kerberos, and with other addresses I will receive a web page for authentication (username/password).
Regards, Didier
- carrayroud_1356
Nimbostratus
When I checked:

    https://www.site1.com -> www.site1.com:443 OK
    https://www.site2.com -> www.site2.com:80 KO
    https://192.168.201.100 (VS) -> www.site2.com:80 KO

    site1_pool = server IP(s):443
    site2_pool = server IP(s):80

    when HTTP_REQUEST {
        switch [string tolower [HTTP::host]] {
            "www.site1.com" { pool site1_pool }
            "www.site2.com" { pool site2_pool }
            default { pool site2_pool }
        }
    }

It seems I can change the outbound port.
- Kevin_Stewart
Employee
Are you asking a question?
