For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Dheer_282482's avatar
Dheer_282482
Icon for Nimbostratus rankNimbostratus
Aug 02, 2016

Smae VIP with SSL for multiple application, URL based forwarding

Hello mates, I need help on below scenario working on https. /

example :- if url  https://hello.abc.com  will be go to Pool :- hello.abc.com 

       if url https://hi.abc.com will go to Pool :- hi.abc.com 

          where VIP is same with https port for https://hello.abc.com & https://hi.abc.com
application delivery
BIG-IP
devops
LTM

10 Replies

  • Dheer_282482's avatar
    Dheer_282482
    Icon for Nimbostratus rankNimbostratus
    Aug 04, 2016

    Hello mates, I need help on below scenario working on https. /

    example :- if url https://hello.abc.com will be go to Pool :- hello.abc.com 

       if url https://hi.abc.com will go to Pool :- hi.abc.com 

      where VIP is same with https port for https://hello.abc.com & https://hi.abc.com
  • Benjamin_Cuisin's avatar
    Benjamin_Cuisin
    Icon for Nimbostratus rankNimbostratus
    Aug 04, 2016

    Hi,

     

    You can choose LTM policies or irules to have several fqdn on the same Virtual Server. If you are using SSL, you need to provision a valid SSL certificate. A SAN certificate or a wildcard is required.

     

    • Benjamin_Cuisin's avatar
      Benjamin_Cuisin
      Icon for Nimbostratus rankNimbostratus
      Aug 04, 2016

      If you choose using the irule, you can try the following one : 

      when HTTP_REQUEST {
        switch -glob [string tolower [HTTP::host]] {
            "hello.abc.com*" {
                pool poolname1
            }
            "hi.abc.com*" {
                pool poolname2
            }
        }
}

      You also need to assign a oneconnect profile to avoid Load Balancing decision issues.

    • Dheer_282482's avatar
      Dheer_282482
      Icon for Nimbostratus rankNimbostratus
      Aug 04, 2016

      Hi Benjamin ,

       

      Thanks it's working with HTTP, but not with HTTPS.

       

  • ekaleido's avatar
    ekaleido
    Icon for Cirrus rankCirrus
    Aug 04, 2016

    Create a string datagroup named hostpools like the following:

    www.abc.com := www.abc.com

        when HTTP_REQUEST {
            set hostpool [class match -value [string tolower [HTTP::host]] equals hostpools]
            if { $hostpool ne "" } {
                            pool $hostpool
            } else {
                            discard
            }
    }
    • Dheer_282482's avatar
      Dheer_282482
      Icon for Nimbostratus rankNimbostratus
      Aug 04, 2016

      HI Ekaleido,

      Not able to create irule based on your suggestion

      can you help me for mapping example :- if url https://hello.abc.com will be go to Pool :- hello.abc.com

      if url https://hi.abc.com will go to Pool :- hi.abc.com 

        where VIP is same with https port for https://hello.abc.com & https://hi.abc.com
    • ekaleido's avatar
      ekaleido
      Icon for Cirrus rankCirrus
      Aug 04, 2016

      My iRule does exactly what you're asking for, it just uses a data group to validate that the URL is valid and should be delivered, then it delivers it to a pool sharing the name of the host.

       

  • ekaleido_26616's avatar
    ekaleido_26616
    Icon for Cirrocumulus rankCirrocumulus
    Aug 04, 2016

    Create a string datagroup named hostpools like the following:

    www.abc.com := www.abc.com

        when HTTP_REQUEST {
            set hostpool [class match -value [string tolower [HTTP::host]] equals hostpools]
            if { $hostpool ne "" } {
                            pool $hostpool
            } else {
                            discard
            }
    }
    • Dheer_282482's avatar
      Dheer_282482
      Icon for Nimbostratus rankNimbostratus
      Aug 04, 2016

      HI Ekaleido,

      Not able to create irule based on your suggestion

      can you help me for mapping example :- if url https://hello.abc.com will be go to Pool :- hello.abc.com

      if url https://hi.abc.com will go to Pool :- hi.abc.com 

        where VIP is same with https port for https://hello.abc.com & https://hi.abc.com
    • ekaleido_26616's avatar
      ekaleido_26616
      Icon for Cirrocumulus rankCirrocumulus
      Aug 04, 2016

      My iRule does exactly what you're asking for, it just uses a data group to validate that the URL is valid and should be delivered, then it delivers it to a pool sharing the name of the host.