For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Erich_Rockman_1's avatar
Erich_Rockman_1
Icon for Cirrus rankCirrus
Apr 28, 2014

single ip / ssl profile / iapp template

I am relatively new to F5 iRules and I hope someone can help me out. I have a single public IP that will host many sites including:   Exchange 2013 created with the iapp template (443 client / 80...
application delivery
deployment
devops
iApps
iRules
LTM
sni
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Apr 29, 2014

Perhaps the easiest thing would be a VIP-targeting solution. Layer an external LTM VIP with SSL offload in front of your internal application VIPs. You don't necessarily need to worry about SNI here as long as the external VIP is decrypting the client side SSL (you can optionally re-encrypt to the internal VIPs) and 2) the sites use different resolved host names.

when HTTP_REQUEST {
    switch [string tolower [HTTP::host]] {
        "owa.domain.com" { virtual oa_vip }
        "adfs.domain.com" { virtual adfs_vip }
        default { reject }
    }
}

The one significant caveat here might be if you needed client certificates at the application VIPs, which would be highly difficult to achieve with VIP targeting.