Forum Discussion
Erich_Rockman_1
Cirrus
Apr 27, 2014single ip / ssl profile / iapp template
I am relatively new to F5 iRules and I hope someone can help me out. I have a single public IP that will host many sites including:
Exchange 2013 created with the iapp template (443 client / 80...
Kevin_Stewart
Employee
Apr 29, 2014Perhaps the easiest thing would be a VIP-targeting solution. Layer an external LTM VIP with SSL offload in front of your internal application VIPs. You don't necessarily need to worry about SNI here as long as the external VIP is decrypting the client side SSL (you can optionally re-encrypt to the internal VIPs) and 2) the sites use different resolved host names.
when HTTP_REQUEST {
switch [string tolower [HTTP::host]] {
"owa.domain.com" { virtual oa_vip }
"adfs.domain.com" { virtual adfs_vip }
default { reject }
}
}
The one significant caveat here might be if you needed client certificates at the application VIPs, which would be highly difficult to achieve with VIP targeting.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects