Forum Discussion
Kevan_50436
Nimbostratus
NimbostratusHTTPS iRule to redirect traffic by URL?
I have a really simple iRule to route HTTP traffic based on the URL specified:
when HTTP_REQUEST {
if { [HTTP::host] contains "test2" } {
pool Test2_HTTP
} else {
pool Test1_HTTP
}
}
I would like to also do this for SSL traffic.
I know (or at least think) that SSL traffic must be terminated at the LTM to apply iRules to SSL, which requires an SSL client profile. However, the SSL client profile only contains one certificate, so it would not work for the second URL.
Is this even possible?
Thanks,
Kevan.
3 Replies
hoolioCirrostratus
Hi Kevan,
The practical answer is that right now, you can only use one SSL certificate per virtual server. In order to avoid an cert mismatch error on browsers, the cert subject(s) must match the hostname the client makes a request to. There are a few options using a single wildcard cert or a single cert with Subject Alternate Names (SANs) that extend the functionality. You can check this post (Click here) for details on these options as well as an extension to TLS that would give you the ability to determine which hostname the client is making a request to before presenting a certificate to the client.
Aaron
Kevan_50436I thought that might be the case. Thanks for the response.
Chris_Bartnick_not to hijack this thread but,
is there a way to modify that script with an "and" statement to
scan the incoming headers and detect (1) if there are multiple Content-Length headers, or (2) if a Content-Length header does not have a length specified?
