Forum Discussion

Nimbostratus

Oct 10, 2013

HTTP HTTPS Proxy redirect question

Hi to everyone, not really sure of my title neither if this is the right place to post this as I am very new to the F5 community (3 days :) ) and DC and thanks already to all contributors of that sit...

application delivery

devops

iRules

Richard__Harlan
Oct 10, 2013
Yes you can do this you create two virtuals using the same IP address one listening to port 80 and the other listening to port 443. The port 80 traffic will be sent to the server which will use the HTTP host headers to display the correct site just like now.

The problem comes with the HTTPS site you have two server each hosting the same sites? Is so put them in one pool and add both SSL certs to the Virtual using the link below

http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13452.html?sr=32430737

The problem you will run into is if the client does not support TLS hostname then the LTM will not know which cert to pass back to the client and will pass back the default cert which in your case has a 50% chance of being the correct cert. Now if most of your clients support this you should not have a problem.

Richard__Harlan

Historic F5 Account

Oct 10, 2013

Yes you can do this you create two virtuals using the same IP address one listening to port 80 and the other listening to port 443. The port 80 traffic will be sent to the server which will use the HTTP host headers to display the correct site just like now.

The problem comes with the HTTPS site you have two server each hosting the same sites? Is so put them in one pool and add both SSL certs to the Virtual using the link below

http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13452.html?sr=32430737

The problem you will run into is if the client does not support TLS hostname then the LTM will not know which cert to pass back to the client and will pass back the default cert which in your case has a 50% chance of being the correct cert. Now if most of your clients support this you should not have a problem.

Seb1180_135325
Nimbostratus
Oct 10, 2013
Thanks for your answer. The HTTPS sites are not the same ;) Each HTTPS site as his own server.
Richard__Harlan
Historic F5 Account
Oct 10, 2013
In that case you use the Host base iRule Kevin posted below and it should work just fine.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

HTTP HTTPS Proxy redirect question

Recent Discussions

DEVICE-0202 Error while adding rSeries as a provider in CM

Reclaim disk space for BIG-IP tenants running on rSeries systems

Troubleshooting SSL Connections

Unable to get Internet in server using SWG forward Proxy.

Irules Editor

Related Content

irule redirect question

Simple HTTP::redirect iRule results in a reset

HTTP::redirect doesn't work for multiple conditions, URL redirect doesn't work using iRule

Redirect from Http to Https Not working

http to https redirection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS