Thiyagu_343098
Sep 01, 2018 Nimbostratus
iRule help for HTTPS host to HTTPS host
Hello All,
I'm working on a redirect request, for example from https://test1.x.com to https://test2.y.com.
I'm sure we can accomplish this if this is HTTP-based traffic.
Could you please help me...
jaikumar_f5
Sep 03, 2018 MVP
Hi Thiyagu,
Does it mean SSL termination from the client to the VIP should complete first, and only then would the redirection work?
For redirection to work on HTTPS traffic, the decryption needs to happen on the LTM. Yes, so you need a clientssl profile mapped to your VS.
Does it mean the LB VIP should have the correct SSL certificate with the SAN name of "site1.com"?
Yes, if you are planning to redirect https://test1.x.com to https://test2.y.com, make sure the clientssl cert has the CN or SAN of test1.x.com. If it doesn't, when one accesses https://test1.x.com they will get a certificate exception page first, and when they click on proceed to continue, that's when the redirection will take place. I don't suppose you'd want the certificate exception page to pop up. So yes, put the SAN in your cert.
One more query: if I have the wrong SSL certificate, for example the client URL is site1.abc.com whereas the certificate on the LB is site2.abc.com, then can't we do the URL redirection?
Yes, you can still do the redirection. Apply the iRule, but you'll see the certificate exception error page first when it's accessed.
when HTTP_REQUEST {
    HTTP::redirect "https://test2.y.com[HTTP::uri]"
}
Is there any way to check in the client hello for the host value and then do the redirection to the other URL?
In the client hello there will not be any HTTP data; it has to be done in HTTP_REQUEST.
when HTTP_REQUEST {
    if { [string tolower [HTTP::host]] ends_with "test1.x.com" } {
        HTTP::redirect "https://test2.y.com[HTTP::uri]"
    }
}
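Added example, not part of the thread or of F5's code: a pre-cutover check of whether the certificate on the clientssl profile covers the old hostname, which decides whether clients reach the HTTP_REQUEST redirect cleanly or hit a certificate warning first. The function names and the sample SAN lists are constructed for illustration; `handshake_verifies` is the optional live check against a VIP address you supply.

```python
import socket
import ssl

def name_matches(pattern, hostname):
    """Exact match, or '*' as the entire left-most label covering exactly one label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    p, h = pattern.split("."), hostname.split(".")
    # Require at least two fixed labels after the wildcard, so "*.com" never matches
    return p[0] == "*" and len(p) >= 3 and len(p) == len(h) and p[1:] == h[1:]

def cert_covers(hostname, dns_sans):
    """True if any SAN dNSName entry covers the hostname the client typed."""
    return any(name_matches(san, hostname) for san in dns_sans)

def handshake_verifies(vip, hostname, port=443, timeout=5.0):
    """Live check against a VIP: (True, SANs) if the handshake for `hostname`
    verifies, so HTTP_REQUEST can fire without a warning; else (False, reason)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((vip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                sans = tls.getpeercert().get("subjectAltName", ())
                return True, [v for k, v in sans if k == "DNS"]
    except ssl.SSLCertVerificationError as exc:
        return False, exc.verify_message

# Constructed SAN lists for the cases discussed in the thread (not real certificates)
SAMPLE_CERTS = {
    "names the old host": ["test1.x.com"],
    "wildcard on the old domain": ["*.x.com", "x.com"],
    "names only the redirect target": ["test2.y.com"],
    "sibling host only": ["site2.abc.com"],
}

def audit(hostname="test1.x.com"):
    """Map each sample certificate to whether the redirect is reached warning-free."""
    return {label: cert_covers(hostname, sans) for label, sans in SAMPLE_CERTS.items()}

if __name__ == "__main__":
    for label, ok in audit().items():
        print(f"{label:32} -> {'redirect, no warning' if ok else 'certificate warning first'}")
```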