Forum Discussion
Andy_Ellison_26
Nimbostratus
Jan 15, 2013
iRules, RDP, HTTP Host and File Share
Hi
First time on these blogs, so I apologise if I've put the question I'm about to ask in the wrong place etc. or am missing out on vital information.
We have a long list of se...
What_Lies_Bene1
Cirrostratus
Jan 15, 2013
It depends is probably the best answer at this stage. In the first instance you should capture some packets of an RDP connection and see where the FQDN appears. Then you can collect data when a client initially connects, search for the relevant detail and route traffic accordingly.
Here's an example Nitass and I worked on recently in relation to POP3 and IMAP connections and usernames. It just logs but obviously we can do anything required.
when CLIENT_ACCEPTED {
    if { ([TCP::local_port] == 143) or ([TCP::local_port] == 110) } {
        # Collect data if client is using unencrypted IMAP or POP3
        TCP::collect 0 0
    }
}
when CLIENT_DATA {
    if { [TCP::local_port] == 143 } {
        # Only do the following if client is using unencrypted IMAP and
        # presumably data has been collected
        if { [TCP::payload] contains "login" } {
            scan [TCP::payload] {%*s login %s} imapusername
            log local0. "Unencrypted IMAP connection established by $imapusername"
            # Release and flush collected data
            TCP::release
            # Stop processing the iRule for this event here
            return
        }
    } elseif { [TCP::local_port] == 110 } {
        # Only do the following if client is using unencrypted POP3 and
        # presumably data has been collected
        if { [TCP::payload] contains "USER" } {
            # Look for text 'USER', skip forward 1 character and match up to
            # the end of the line
            set pop3username [findstr [TCP::payload] "USER" "1"]
            log local0. "Unencrypted POP3 connection established by $pop3username"
            # Release and flush collected data
            TCP::release
            # Stop processing the iRule for this event here
            return
        }
    }
    # Release the data collected (if not match above)
    TCP::release
    # Collect data for subsequent packets
    TCP::collect
}
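An added example (not part of the original post, and not the posters' code): the same search-and-extract step as the iRule above, written as an offline Python check that can be run over payloads copied from a packet capture before the match is committed to an iRule. It goes slightly beyond the iRule by matching the command keywords case-insensitively and accepting a quoted IMAP user name; the function name and the sample payloads are constructed for illustration.

```python
import re

# IMAP (RFC 3501): "<tag> LOGIN <user> <password>". Command names are
# case-insensitive and the user name may be a quoted string.
IMAP_LOGIN = re.compile(rb'^\S+ +LOGIN +("(?:[^"\\]|\\.)*"|\S+)', re.IGNORECASE)
# POP3 (RFC 1939): "USER <name>", keyword also case-insensitive.
POP3_USER = re.compile(rb'^USER +(\S+)', re.IGNORECASE)
PATTERNS = {143: IMAP_LOGIN, 110: POP3_USER}


def extract_username(port, payload):
    """Return the login name found in collected client bytes, or None."""
    pattern = PATTERNS.get(port)
    if pattern is None or b"\r\n" not in payload:
        return None
    # Look only at complete lines; a trailing fragment needs more data.
    complete = payload[: payload.rindex(b"\r\n")]
    for line in complete.split(b"\r\n"):
        match = pattern.match(line)
        if not match:
            continue
        name = match.group(1)
        if name.startswith(b"{"):
            continue  # IMAP literal ({n} + CRLF + data): not handled here
        if name.startswith(b'"'):
            name = re.sub(rb"\\(.)", rb"\1", name[1:-1])  # unquote, unescape
        return name.decode("utf-8", "replace")
    return None


# Constructed sample payloads (not captured traffic).
SAMPLES = [
    (143, b"a1 login bob hunter2\r\n"),
    (143, b'A002 LOGIN "alice smith" secret\r\n'),
    (143, b"a1 CAPABILITY\r\na2 LOGIN dave pw\r\n"),
    (143, b"a3 LOGIN car"),  # command split across segments
    (110, b"user carol\r\n"),
]

if __name__ == "__main__":
    for port, data in SAMPLES:
        print(port, extract_username(port, data))
```

A `None` result for a payload without a complete line corresponds to the point in the iRule where more data has to be collected before matching again.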