I think the single VIP solution is more trouble than it's worth. To enable a VIP to listen on multiple ports (in this case 80 and 443), you have to set the port to *any, which means you now have to filter out everything but port 80 and 443 traffic and enable or disable an SSL profile based on the protocol.The alternative is to create a very simple port 80 VIP on the same IP address and then assign an HTTP profile and the built-in _sys_https_redirect iRule. The all of your URI redirect logic is applied to your HTTPS VIP.