Forum Discussion
CK_Then_103583
Nimbostratus
Jun 13, 2014
iRule for port translation of single public IP address to multiple real server IP
Hi,
Need help on iRule to port translate a single public address to multiple real server private IP.
Example.
1.1.1.1:15001 --> 192.168.1.1:80 (if the connection is HTTP)
--...
Kevin_Davies_40
Nacreous
Jun 13, 2014
You cannot have SSL listening on the same port as non-SSL on the front end. If you do, normal HTTP connections will fail.
Detailed in a post by Kevin Stewart, and I quote:
"it would be extremely difficult to do SSL and non-SSL with the same listening port. For example, let's say you want to do SSL to a VIP that is listening on port 8080 and has a client SSL profile. You also want to do non-SSL to the same IP address on the same 8080 port, but of course without a client SSL profile. You'd necessarily have to create a single VIP on port 8080, apply a client SSL profile, and use an iRule to disable that client SSL profile for non-SSL requests. Because of where SSL sits in the OSI layer, however, one of the only ways you'd have to determine the client's intentions (SSL or non-SSL) would be a layer BELOW SSL, as in at the IP layer. Prior to offloading the SSL, you don't know what the client's intentions are. Now, you could technically sniff the TCP payload at layer 4 and see if the client is sending SSL data, but then you're getting into some fairly complicated iRules."
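The layer 4 check mentioned at the end of the quote (look at the first TCP payload bytes and decide whether the client is starting SSL/TLS) is shown here as an added example. It is written in Python, not as an iRule, and is not code from this thread or from F5. The function names and sample bytes are assumptions constructed for illustration.

```python
import struct

# Request-line prefixes that mark cleartext HTTP.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"PATCH ", b"TRACE ", b"CONNECT ")
MIN_BYTES = 6            # 5-byte TLS record header + 1-byte handshake type
MAX_RECORD_LEN = 16384   # TLS plaintext record limit (2^14)


def classify_first_bytes(payload: bytes) -> str:
    """Classify the first bytes a client sends: tls, http, unknown or need-more."""
    if len(payload) < MIN_BYTES:
        return "need-more"
    content_type, major, minor, rec_len = struct.unpack("!BBBH", payload[:5])
    is_handshake_record = (
        content_type == 0x16          # record type: handshake
        and major == 0x03             # SSL 3.0 / TLS 1.x record version
        and minor <= 0x04
        and 0 < rec_len <= MAX_RECORD_LEN
    )
    if is_handshake_record and payload[5] == 0x01:   # handshake type: ClientHello
        return "tls"
    if payload.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


def classify_connection(segments) -> str:
    """Buffer TCP segments until the first bytes can be classified."""
    buffered = b""
    for segment in segments:
        buffered += segment
        verdict = classify_first_bytes(buffered)
        if verdict != "need-more":
            return verdict
    return "need-more"   # client closed or stalled before sending enough


# Constructed sample inputs (not captured traffic).
SAMPLE_CLIENT_HELLO = bytes.fromhex("16030100c8010000c40303")
SAMPLE_HTTP = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    print(classify_first_bytes(SAMPLE_CLIENT_HELLO))
    print(classify_connection([b"\x16\x03", b"\x01\x00\xc8\x01"]))
    print(classify_first_bytes(SAMPLE_HTTP))
```

The "need-more" result covers the case where the first segment is too short to decide, and "unknown" covers clients that speak neither protocol, which a listener would normally reject rather than guess.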
