Forum Discussion

3 Replies

  • Hi Ken,



    In order to read the HTTP host header value, you'd need to decrypt the SSL using a client SSL profile. Once you do that and add an HTTP profile to the virtual server, that iRule would work as it is.



  • Also note that that iRule would allow a malicious user to send HTTP traffic to any pool which ends with _pool configured on your LTM. From a security standpoint, it would be a lot safer to create a whitelist of allowed pool names and check that the parsed pool name is part of it before allowing the client to get to the pool. You could do this by defining the allowed pool names in a data group and then using the class command to look up the requested host in the data group.





  • kend's avatar
    Icon for Nimbostratus rankNimbostratus
    I read the link you provided, but I am unclear on how to create the data group itself. Any help would be appreciated.