Forum Discussion

Brian_48717
Apr 08, 2011

HTTP & HTTPS on the same VIP

I have a situation where we have a wildcard public DNS entry that points to a NAT rule for a VIP. However, this DNS entry can accept HTTP or HTTPS traffic, and HTTP traffic needs to go to Pool A/VIP A and HTTPS traffic needs to go to Pool B/VIP B. This doesn't work for me today, as the VIP and the pool resources it has for this entry are set to only listen on port 80. I don't want to do a single pool with a * VIP and Pool resources, as that seems to defeat some of my security requirements of using the LTM as a default deny device. Is it possible to set up a VIP X that doesn't contain any resources in itself and sends traffic to VIP A if HTTP and VIP B if HTTPS? Or does anyone have any other suggestions on how I could accomplish this?
  • Based on some testing it sounds like my easiest approach is to not bother trying to bring it all in on a single VIP and redirect, rather to just create two VIPs, same IP, different ports.
  • Brian,

    I think you may have seen this already. In case you wanna have some fun. :-)

    Http Https Single Virtual Server

    Contributed by: hoolio - hooleylists at gmail dot com

    http://devcentral.f5.com/wiki/default.aspx/iRules/HttpHttpsSingleVirtualServer.html?diff=y

  • Yes, it's possible to do, but I suggest using a separate virtual server for each protocol. This allows you to handle the logic for each protocol separately.

    Aaron