Need help with iRules and SSL

Question

Hello, looking for some help please.&nbsp;
I have 3 different URL's all with different port numbers that point to the same VIP.  Example&nbsp;
prod.example.com:3053/menu/login&nbsp;
dev.example.com:4053/menu/login&nbsp;
test.example.com:5053/menu/login&nbsp;
I need to be able to just type&nbsp;
prod.example.com/menu/login&nbsp;
dev.example.com/menu/login&nbsp;
test.example.com/menu/login&nbsp;
And be directed to the same ports for those URL's without showing the port numbers as shown above.  I would also like these ports to be SSL.&nbsp;
I know these are iRules but can someone give me some examples of what this might look like from an iRule script?  I assume I would need 3 different rules.  I've been told I can configure SSL on the listed ports for the pool members and can figure that out but the iRule piece is where I will run into issues.&nbsp;
Thanks.&nbsp;

vimaldiaz_23323 · Answer

Hi &nbsp;
Can you try below iRules&nbsp;
when HTTP_REQUEST { 
HTTP::redirect "https://prod.example.com[HTTP::uri]" 
}&nbsp;
when HTTP_REQUEST { 
HTTP::redirect "https://dev.example.com[HTTP::uri]" 
}&nbsp;
when HTTP_REQUEST { 
HTTP::redirect "https://test.example.com[HTTP::uri]" 
}&nbsp;

stanislas_piro2 · Answer

You can configure virtual server listening on port 443 and pool members listening on different port.&nbsp;
So create one virtual server listening on port 443 (this is the only port browsers won’t display in url)&nbsp;
On the virtual server, assign clientssl profile to decrypt client side connection, and server ssl profile to encrypt server side connection&nbsp;
Then, with a LTM POLICY, assign different pool based on HTTP Host or use following article to forward connection to internal servers if you don’t want clientssl / server ssl profiles&nbsp;
https://devcentral.f5.com/articles/sni-routing-with-big-ip-31348?tag=Sni&nbsp;

kai_wilke · Answer

Hi &nbsp;
In addition to what Stanislas already said, you may also check the HTML cross-references of your application (right click the page an view source code). If the HTML/CSS or JScripts are containing the HOST-Values (e.g. http://prod.example.com:3053/), then you would need to rewrite those cross-references with the external names (e.g. https://prod.example.com/).&nbsp;
The same may apply for server-side HTTP redirects. If those are referencing your full qualified URL, they need to become adjusted too.&nbsp;
Hoping for you, that your site does not contain any of those full qualified cross-references. &nbsp;
Good luck and Cheers,&nbsp;
Kai&nbsp;

daniel_wolf · Answer

Take a look at this Devcentral Article: SNI Routing with BIG-IP.&nbsp;
Instead of iRules you can also use Traffic Profiles and TLS SNI (Server Name Indication) for routing the traffic to the correct backend. This will give you multiple FQDNs on one IP address and based on the domain name the Traffic Profile will route the traffic to the correct loadbalancing pool.&nbsp;

pclarkusa_29804 · Answer

Thank you.  I'll look at this and get back.&nbsp;

Forum Discussion

Need help with iRules and SSL

Recent Discussions

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

How to Renew F5 Device Certificate

F5 ASM CEF Sending Logs in Specific TimeZone

Related Content

iRules Style Guide

BIG-IP Next: iRules pool routing

Json parsing with iRules

Re: iRules Editor with Visual Studio Code

Hey ChatGPT, can you write iRules?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS