layout

Question

here is my Irule for two new servers coming in on VIP .77
&nbsp;when HTTP_REQUEST {
&nbsp;   switch [string tolower [HTTP::host]] {
&nbsp;      sites.xxx.xxx.mil { pool sites.xxx.xxx.mil_pool}
&nbsp;      eusmc.xxx.xxx.usmc.mil {pool
&nbsp;eusmc.xxx.xxx.usmc.mil_pool}
&nbsp;      ehqmc.xxx.xxx.usmc.mil {pool
&nbsp;ehqmc.xxx.xxx.usmc.mil_pool}
&nbsp;      tecom.xxx.xxx.usmc.mil {pool
&nbsp;tecom.xxx.xxx.usmc.mil_pool}
&nbsp;      mccdc.xxx.xxx.usmc.mil {pool
&nbsp;mccdc.xxx.xxx.usmc.mil_pool}
&nbsp;      caocl.xxx.xxx.usmc.mil {pool
&nbsp;caocl.xxx.xxx.usmc.mil_pool}
&nbsp;      default {pool default_pool}
&nbsp;   }
&nbsp;}&nbsp;
&nbsp;Vip .77 already is running one site and has an SSL cert attached to it.  The ssl cert is a single self signed cert.  I added the irule above because we have a new customer that will be using the same Vip but hosting different sites than our current customer.  Our current customer own two servers which are identical address is portal.xxx.xxx.mil.  I have created separate pools for each site listed above.  When I applied this irule in hopes that the new sites and the irule would point the traffic to the new pool.  It isn't working can anyone tell me why?

colin_walker_12 · Answer

It looks like you coded the switch statement appropriately, assuming that each hostname with "xxx.xxx" in it matches the incoming hostname fromt he client, and the pool is valid. 
If the incoming connections are SSL, though, you'd have to first decrypt those requests via a CLIENT-SSL profile on the BIG-IP, before the iRule would be able to interpret any of the header data, such as the Host.
Are you doing this?  If so, you're probably going to get warnings about the domain name on the cert you're using for your CLIENT-SSL profile, as you can only assign a single cert to that profile, and you're trying to use a single SSL vip to host multiple hostnames. That is unless you're using a wildcard cert for usmc.mil.
when HTTP_REQUEST {
  switch [string tolower [HTTP::host] ] {
    sites.xxx.xxx.mil { 
      pool sites.xxx.xxx.mil_pool
    }
    eusmc.xxx.xxx.usmc.mil {
      pool eusmc.xxx.xxx.usmc.mil_pool
    }
    ehqmc.xxx.xxx.usmc.mil {
      pool ehqmc.xxx.xxx.usmc.mil_pool
    }
    tecom.xxx.xxx.usmc.mil {
      pool tecom.xxx.xxx.usmc.mil_pool
    }
    mccdc.xxx.xxx.usmc.mil {
      pool mccdc.xxx.xxx.usmc.mil_pool
    }
    caocl.xxx.xxx.usmc.mil {
      pool caocl.xxx.xxx.usmc.mil_pool
    }
    default {
      pool default_pool
    }
  }
}
Colin

Forum Discussion

layout

1 Reply

Recent Discussions

F5 VPN client + Endpoint Inspection

Who is the good technical book publisher for first time author?

failed: Cannot contact any KDC for realm

F5OS API is config save/commit needed?

Creating a GTM Pool error

Related Content

ARX configuration/network layout

APM displays bad page layout

Edge Client Layout Customization

Devcentral feedback new header layout

Layout of BIP-LTM