Forum Discussion
That should technically work. So for example, if the user requested "http://aaa.com/foo", your iRule would redirect them to "http://aaa.com:8010/foo" - presumably another VIP.
You could get around the whole non-standard port thing by simply sending to different pools based on the host. I'd also use a data group for such a large set of services:
Data group (ex. my_host_dg)
aaa.com := aaa_pool
bbb.com := bbb_pool
ccc.com := ccc_pool
And then an iRule that looks like this:
when HTTP_REQUEST {
if { [class match [string tolower [HTTP::host]] equals my_host_dg] } {
pool [class match -value [string tolower [HTTP::host]] equals my_host_dg]
}
}
You'd need one VIP for port 80 traffic, one pool for each application (listening on the appropriate port), and one data group entry to map the host to the pool.
As for SSL traffic, you could the same with a few additional options:
-
Create a single SSL profile that contains a "Subject Alt Name" (SAN) certificate - a cert that contains all of the server names.
-
If you're on a v11 F5 box and don't have to worry about clients that can't do TLS (WinXP and below), you can use Server Name Indicator (SNI), create separate client SSL profiles for each server certificate/key, and apply all of those client SSL profiles to the port 443 VIP. The VIP will choose the correct client SSL profile based on the client's request.