Forum Discussion
Brian_48717
Apr 08, 2011Nimbostratus
HTTP & HTTPS on the same VIP
I have a situation where we have a wild card public DNS entry that points to a NAT rule for a VIP. However, this DNS entry can accept HTTP or HTTPS traffic, and HTTP traffic needs to go to Pool A/VIP A and HTTPS traffic needs to go to Pool B/VIP B). This doesn't work for me today as the VIP and the pool resources it has for this entry is set to only listen on port 80. I don't want to do a single pool with a * VIP and Pool resources as that seems to defeat some of my security requirements of using the LTM as a default deny device. Is it possible to set up a VIP X that doesn't contain any resources in itself and sends traffic to VIP A if HTTP and VIP B if HTTPS? Or does anyone have any other suggestions on how I could accomplish this?
- Brian_48717NimbostratusBased on some testing it sounds like my easiest approach is to not bother trying to bring it all in on a single VIP and redirect, rather to just create two VIPs, same IP, different ports.
- Jonathan_ScholiCirrostratusYes, a VIP for each port is definitely easier to keep track of.
- nitassEmployeeBrian,
- hooleylistCirrostratusYes, it's possible to do, but I suggest using a separate virtual server for each protocol. This allows you to handle the logic for each protocol separately.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects