You can use TCP::local_port to get the true requested port. I think URI::port and URI::host are intended to be used to parse absolute URIs (typically used when making requests to an HTTP proxy). You could use something like this to check the requested port, disable the client SSL profile if it's not needed and select the pool based on the requested URI:
when CLIENT_ACCEPTED {

    # Check the requested port
    switch [TCP::local_port] {
        "80" {
            # Disable the client SSL profile
            SSL::disable
        }
        "443" {
            # Leave the client SSL profile enabled
        }
        default {
            # Take some action for other ports? For example, send a TCP reset
            reject
        }
    }
}
when HTTP_REQUEST {

    # Check the requested URI
    switch -glob [HTTP::uri] {
        "/a*" {
            # Check if requested port is 443
            if {[TCP::local_port] == 443} {
                # Select a_pool and stop processing this event in this iRule
                pool a_pool
                return
            }
        }
        "/b*" {
            # Check if requested port is 80
            if {[TCP::local_port] == 80} {
                # Select b_pool and stop processing this event in this iRule
                pool b_pool
                return
            }
        }
        default {
            # Send to default pool. This must be defined on port 0,
            # with the pool members configured on the same HTTP/HTTPS ports as the virtual server
            pool x_pool
            return
        }
    }
    # If we made it here, the request was to /a and not via port 443 or to /b and not via port 80, so take some default action?
    HTTP::respond 403 Content {Unauthorized request}
}
Aaron