Forum Discussion
Brian_48717
Nimbostratus
NimbostratusHTTP & HTTPS on the same VIP
I have a situation where we have a wild card public DNS entry that points to a NAT rule for a VIP. However, this DNS entry can accept HTTP or HTTPS traffic, and HTTP traffic needs to go to Pool A/VIP A and HTTPS traffic needs to go to Pool B/VIP B). This doesn't work for me today as the VIP and the pool resources it has for this entry is set to only listen on port 80. I don't want to do a single pool with a * VIP and Pool resources as that seems to defeat some of my security requirements of using the LTM as a default deny device. Is it possible to set up a VIP X that doesn't contain any resources in itself and sends traffic to VIP A if HTTP and VIP B if HTTPS? Or does anyone have any other suggestions on how I could accomplish this?
4 Replies
Brian_48717Based on some testing it sounds like my easiest approach is to not bother trying to bring it all in on a single VIP and redirect, rather to just create two VIPs, same IP, different ports.
Jonathan_ScholiCirrostratus
Yes, a VIP for each port is definitely easier to keep track of.- nitass
Employee
Brian,
I think you may have seen this already. In case you wanna have some fun. :-)
Http Https Single Virtual Server
Contributed by: hoolio - hooleylists at gmail dot com
http://devcentral.f5.com/wiki/default.aspx/iRules/HttpHttpsSingleVirtualServer.html?diff=y 
hoolioYes, it's possible to do, but I suggest using a separate virtual server for each protocol. This allows you to handle the logic for each protocol separately.
Aaron
