For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

parvez_70211's avatar
parvez_70211
Icon for Nimbostratus rankNimbostratus
May 28, 2016

redirect https request based on hostname

Team,   I'm new to Irules. Need your suggestion on the below request   I have an existing VIP (https://www.abc.com 10.10.10.10:443) which has a pool member (1.1.1.1:443) and ssl is offloaded on...
application delivery
iRules
Yann_Desmarest's avatar
Yann_Desmarest
Icon for Cirrus rankCirrus
May 28, 2016

Hi,

Regarding Odaah irule, you can improve a bit the irule :

when CLIENT_ACCEPTED {
    set DEFAULT_POOL [LB::server pool]
}

when HTTP_REQUEST {
    switch [HTTP::host] {
        "www.abc.com" { 
            pool POOL_ABC
        } 
        "www.xyz.com" {
            pool POOL_XYZ
        }
        default {
            pool $DEFAULT_POOL
        }
    }
}
  • parvez_70211's avatar
    parvez_70211
    Icon for Nimbostratus rankNimbostratus
    May 29, 2016
    Now if the SSL is terminated on the LB. Can I have two client SSL profile linked to the same VIP?? Basically what I'm trying say is that I already have a CA cert for CN: www.abc.com Do I order another cert with CN: www.xyz.com and associate both clientssl profiles to the same vip?
  • parvez_70211's avatar
    parvez_70211
    Icon for Nimbostratus rankNimbostratus
    May 29, 2016
    I know single cert with SAN will help my case but will it work with 2 different certs? Yann, can I write an Irule similar to the one you provided above with the help of data objects??
  • Yann_Desmarest's avatar
    Yann_Desmarest
    Icon for Cirrus rankCirrus
    May 29, 2016
    Hi, yes you can use 2 certs. That case, you need to configure ssl profiles using SNI feature. I provided you with an article on that topic in the post below. let me know if it fits your need