Forum Discussion

DCP's avatar
DCP
Icon for Nimbostratus rankNimbostratus
Oct 06, 2014

iRule to Pool supporting SSL with differnt Host name

We have an environment that required users to hit VIP that uses F5 to offload SSL. If users request for /login, we need to rewrite host information and re-encrypt traffic back to pool using certifica...
application delivery
design
devops
iRules
LTM
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Oct 07, 2014

If you're referring to simply adding a server SSL profile for when the request flow has to go to the server2 pool, the easiest method is to apply the server SSL profile to the virtual server configuration and disable it for the regular traffic. You can't use the SSL::enable and SSL::disable commands unless an SSL profile is applied to the VIP. Something like this:

when CLIENT_ACCEPTED {
    set default_pool [LB::server pool]
}
when HTTP_REQUEST {
    switch -glob [string tolower [HTTP::uri]] {
        "/login/login.html" {
            pool login_pool
            HTTP::header replace Host "server2.mycompany.com"
        }
        default {
            pool default_pool
            SSL::disable serverside
        }
    }
}