Forum Discussion
Sarah
Cirrus
CirrusHTTPS passthrough for a single domain name
Hi Everyone, I have 1x HTTPS virtual server hosting multiple applications/ domain names (e.g. X.com, Y.com, Z.com, etc.) it is configured with SSL Bridging mode (both VS and pool members are 443). ...
Paulius
MVP
MVPSarahThe only way to do this without the F5 decrypting it at all would be using this article most likely where SNI is used. If SNI is not used you will not be able to do what you are asking.
https://support.f5.com/csp/article/K13452
The reason you are not able to perform the action that most people are recommending without decrypting is because all the iRule options would be looking at the HTTP header which cannot be inspected until after the SSL connection has been decrypted. If SNI is not an option all the time you would have to create a new virtual server with a unique SSL certificate that encompases all FQDNs in question so that you can seperate out the can inspect and cannot inspect by virtual server. The following link might assist you in the future on what happens where when using an iRule.
https://packetpushers.net/wp-content/uploads/2013/11/Event_Order_HTTP_v12.png
