Forum Discussion

Nimbostratus

Feb 28, 2008

How to choose which virt based on header

I posted yesterday with an issue with my F5 and https redirection to a uri that did not have www in it and realized after reading several pot that this will not work due to how SSL works. So...

Employee

Feb 28, 2008

Do you want both virtual servers to use the same IP address? If so you have a catch-22 as you have to decrypt the traffic *before* an iRule can inspect the HTTP header. The earliest possible event during which you would be able to discern the hostname in the request is CLIENTSSL_HANDSHAKE which is invoked *after* the decryption.

If you have the two hostnames on different IPs, this is easy and you don't need an iRule at all, just use the appropriate cert on each virtual server.

I have a customer who has had success with using certificates with subject alternative names to allow a single vip and a single cert to service multiple hostnames, which resolves the very problem you are having.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

How to choose which virt based on header

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

Choosing an Instance for F5 BIG-IP in AWS

Choose Your Operator Wisely

Strict header Insertion

(HTTP) Redirection via Arbitrary Host Header

Log Http Headers

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS