iRule redirect https without profile

Question

Hello,&nbsp;
I was wondering if the following scenario is possible with an F5 BIGIP LTM:
 - Have several sites running on http and https (IIS - with SNI)
 - Create Pools for each port
 - Have 1 health check on port 80
 - Redirect traffic to both pools with 1 iRule
 - without any certificates on the loadbalancer&nbsp;
Would this be possible as the F5 also supports SNI from 11.x+? Or are the certificates always required on the loadbalancer for forwarding based on hostname to work?&nbsp;
Thanks in advance!
H&nbsp;

kevin_stewart · Answer

SNI on the LTM is a function of the SSL profile, so by virtue of that you have to terminate the SSL at the BIG-IP to be able to use the SNI functionality, and this requires the cert and private key.&nbsp;
In lieu of that, you cannot perform any OSI layer 7 functions (ie. HTTP redirects) without being able to see the decrypted traffic.&nbsp;

Forum Discussion

iRule redirect https without profile

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

UCS Encryption Question

Unblock Request WAF

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

VIP in https that redirect to another vip in https

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

F5 HTTPS Redirect 2025

F5 BIG-IP Advanced WAF – "dos profile" reporting

F5 BIG-IP Advanced WAF – DOS profile configuration options.

iControl REST Cookbook - Virtual Server Profile (LTM Virtual Profiles)

SSL Profiles Part 8: Client Authentication

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS