Stumped on iRule for SSL traffic

Question

Hi,&nbsp;
&nbsp;I seem to be stumped here. I have an iRule that does re-direction based on HTTP:HOST. &nbsp;
&nbsp;when HTTP_REQUEST {
&nbsp;   if { [HTTP::host] starts_with "billing.domain.com"} {
&nbsp;      pool billing.domain.com_pool
&nbsp;   } elseif { [HTTP::host] starts_with "hr.domain.com"} {
&nbsp;      pool hr.domain.com_pool
&nbsp;   } &nbsp;
&nbsp;This works fine for http traffic. I added another virtual server for https traffic and it does not appear to work. The SSL certs are on the servers in the two pools (not on the F5). I just want to use the F5 to load-balance the traffic. &nbsp;
&nbsp;Is this not working because the traffic from the client to the F5 is encrypted and the F5 cannot read [HTTP:host]? Is the only solution to terminate the SSL connection on the F5?

joe_pruitt · Answer

The Host header is part of the payload and unless the BIG-IP is terminating the SSL connection, there is no way for it to read the payload for the header.  So, yes, if you want to make decisions based on the payload content, the only option is to terminate the SSL connection on the BIG-IP.&nbsp;
&nbsp;-Joe

Forum Discussion

Stumped on iRule for SSL traffic

Recent Discussions

How to Renew F5 Device Certificate

How to export a list of paired external service providers from APM?

BIG-IP Edge Endpoint Inspection Failure pre-VPN

BIG IP LTM - Multiple application on single VIP with multiple ports allowed.

Service discovery is not happening in AS3

Related Content

Getting Started with iRules: Directing Traffic

Verifying Local Traffic Policy and iRule Precedence

iRule to log traffic details

To iRule, or not to iRule: Introduction to Local Traffic Policies

Routing traffic by URI using iRule

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS