iRule to Select Pool by HTTPS Header

Question

I am using an iRule I found on this site that selects a pool based on the http header and it works fine. I want to do this for https connections. Can the iRule I am using be modified to work for https? Or is there a separate iRule that can be used?

kevin_stewart · Answer

HTTP filtering is an OSI layer 7 process, while SSL is a layer 6 process. As long as an SSL profile is applied to decrypt the client side traffic, the HTTP events and commands are independent of layer 6 processing. In other words, you HTTP iRule should work exactly the same - assuming you're offloading SSL with a client SSL profile.

kend · Answer

If I want to use a server SSL profile, how would I make that work?&nbsp;

kevin_stewart · Answer

It still doesn't matter. If you think of the proxy in terms of OSI layers, it might look like this:
Client  -&gt;  L4 TCP -&gt; L5/6 SSL -&gt; L7 HTTP -&gt; L6/5 SSL -&gt; L4 TCP  -&gt;  Server

HTTP layer 7 sits between the client side SSL and server side SSL. If you decrypt SSL on the client side, the HTTP traffic will be accessible to the HTTP filter. Whether or not you re-encrypt on the server side doesn't matter, because by that point in the proxy you've already left layer 7.

Forum Discussion

iRule to Select Pool by HTTPS Header

3 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

2026 301a exam

F5OS login with admin/root failed via console

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

UCS Encryption Question

Unblock Request WAF

Related Content

iRule to modify a content-security-policy header

Select pool based on HTTP host header

iRules Recipe 3: Pool and SNAT Selection by Host Header Value

Strict header Insertion

Host header injection iRule

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS