For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

El-Guapo_29797's avatar
El-Guapo_29797
Icon for Nimbostratus rankNimbostratus
Nov 08, 2013

Create F5 LTM Content for http / https via port 8080

Below 2 lines work using vip 1.1.1.1   http://test.website.com and https://test.website.com   But I can only get one of below working using service port 8080.   http://test.website....
application delivery
devops
iRules
management
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Nov 09, 2013

The first and most important thing is that you shouldn't try to do SSL and non-SSL with the same IP/port combination. You also wouldn't be able to create two VIPs with the same IP and port.

On the second part, if I understand you correctly, you have a wildcard port VIP (ex. 1.1.1.1:0) so that you can accept port 80, 8080, and 443. The iRule for that might look like this:

when CLIENT_ACCEPTED {
    switch [TCP::local_port] {
        80 {
            pool my_80_pool
            SSL::disable clientside
        }
        8080 {
            pool my_8080_pool
            SSL::disable clientside
        }
        443 {
            pool my_443_pool
        }
        default {
            reject
        }
    }
}

Apply a client SSL profile to the VIP. It will be disabled if the client request port 80 or 8080, and any request on an undefined port will be rejected.