Forum Discussion
Erich_Rockman_1
Cirrus
Apr 27, 2014single ip / ssl profile / iapp template
I am relatively new to F5 iRules and I hope someone can help me out. I have a single public IP that will host many sites including:
Exchange 2013 created with the iapp template (443 client / 80...
Kevin_Stewart
Employee
Apr 29, 2014I don't remember if I've tested this specifically, but you should be able to employ ProxySSL with similar logic to route the traffic based on layer 7 Host information (without terminating the SSL).
when HTTP_REQUEST {
switch [string tolower [HTTP::host]] {
"owa.domain.com" { pool oa_pool }
"adfs.domain.com" { pool adfs_pool }
default { reject }
}
}
You'd need to use the same wildcard cert and private key on both servers, and also plant the private key on the F5 for ProxySSL. Given that you're not terminating SSL, I'm guessing you also need something like source address persistence.
So when you say you can't offload the SSL, does that also mean you can't terminate and re-encrypt also?
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects