Forum Discussion
Using TLS Server Name Indication is one way of handling this; however, it will only work for TLS 1.1 and BigIP 11.1 and later.
There are a couple of ways you could do this or something like it:

1) Use a priority-based pool membership where your one maintenance server is in a lower priority group than the others. Then, when it is time for maintenance, take your primary servers offline and traffic will flow through the VIP to the maintenance server. (No iRules required.)

2) Use a simple iRule that can be applied to the VIP when you want to take the site down. My company created a vanity host "sorry.your domain.com" and the iRule does a 302 redirect to the http://sorry address. Because the HTTPS VIP issues the 302 to the HTTP address, you don't end up with the SSL issue, but if your site is in a browser's "trusted" site list, they may get a warning about being redirected to an "untrusted" site.

3) Use a rule like the ProxyPass iRule that would take the inbound request and remap it on the fly to a different pool and URI on the inside network.
All 3 of these scenarios are viable alternatives to using SNI if it is not available.
One somewhat less desirable option would be to create a multi-name SSL cert for your maintenance VIP that contains all of your other domains as aliases. If your maintenance page is a vanity host header, this is probably not an issue but could be a security risk if your key was compromised and those names reached the live application.
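
A sketch of the redirect iRule described in option 2, added here as an example and not the poster's own rule. The host name `sorry.example.com` and the operator subnet `192.0.2.0/24` are placeholders, and the operator bypass is an assumption that goes beyond what the post describes.

```tcl
# Maintenance iRule (added example): attach to the HTTPS VIP while the site is down.
when HTTP_REQUEST {
    # Assumption: operators on this constructed subnet still reach the pool
    # so the application can be verified before the rule is removed.
    if { [IP::addr [IP::client_addr] equals 192.0.2.0/24] } {
        return
    }

    # Redirect to a fixed URL on the vanity host. The original path and query
    # string are deliberately not appended: the target is plain HTTP, so
    # anything carried over would cross the network in cleartext.
    # Cache-Control: no-store keeps browsers and proxies from remembering the
    # 302 after maintenance ends.
    HTTP::respond 302 noserver \
        Location "http://sorry.example.com/" \
        Cache-Control "no-store" \
        Connection "close"
}
```

Cookies set with the Secure attribute are not sent to the HTTP vanity host, so session cookies from the live site stay off the cleartext hop.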