Forum Discussion

geryatric_32399's avatar
geryatric_32399
Icon for Nimbostratus rankNimbostratus
Jul 20, 2011

Need help with HTTPS only and mixed HTTP/HTTPS

Hi,

 

 

I have a design problem that im hoping someone here will be able to help with

 

 

I have two virtual servers :

 

my_http_virtual_server - 10.100.10.10:80

 

my_https_virtual_server - 10.100.10.10:443

 

 

and a single pool of 20 IIS servers :

 

my_webserver_pool

 

 

I have roughly 20 domains that get pointed to the above virtual servers.

 

I can access all domains over HTTP and HTTPS and that is working OK

 

 

My problem is I need to restrict around 5 domains to HTTPS so that they cannot be accessed over HTTP

 

What is the best way to do this?

 

 

I was hoping to create another virtual server my_https_only_virtual_server - 10.100.10.10:443

 

And then create a HTTP class that matched the 5 domains (like host headers in IIS) and then apply the HTTP class and an iRule that redirects any HTTP requests to HTTPS.

 

 

However it doesnt let me add another virtual server using the same IP/Port binding 10.100.10.10:443

 

 

How can i have some domains HTTP, some HTTPS ONLY and some both HTTP/HTTPS using a simple design

 

(I am using a single Public IP address that gets NAT'd through to the F5 by the Firewall)

 

 

 

 

 

 

 

 

 

 

 

 

 

 

1 Reply

  • You could use an HTTP class or iRule on the existing 10.100.10.10:80 VS which matches on the requested host header value if it equals any of your five domains. The action on the HTTP class or iRule would be to redirect to https://[HTTP::host][HTTP::uri].

    Here's an iRule example:

    
    when HTTP_REQUEST {
    
       switch [string tolower [HTTP::uri]] {
          "www.example.com" -
          "www.example.org" -
          "www.example.net" {
             HTTP::redirect "https://[HTTP::host][HTTP::uri]"
          }
       }
    }
    

    Aaron