Forum Discussion
Michael_Yates
Jun 04, 2012Nimbostratus
Hi kona2-9,
I agree with Joel’s suggestion of splitting your HTTP and HTTPS Traffic onto separate Virtual Servers (on for 80 and one for 443).
On your HTTP Virtual Server you do not need any SSL Profiles. On your HTTPS Virtual Server you will need an SSL Profile (Client) at a minimum. If you have an SSL Certificate installed on the Web Server then you will also need to enable the SSL Profile (Server) as well to re-encrypt the traffic between the LTM and the Web Server.
If you follow the suggestion of using two Virtual Servers and you want to maintain the logic in a single iRule that could be applied to both the HTTP and HTTPS Virtual Server you could do something like this, or separate the logic into two simpler iRules (one for HTTP and one for HTTPS).
when HTTP_REQUEST {
switch [TCP::server_port] {
"80" {
switch -glob [string tolower [HTTP::host]] {
"*testa.org" { pool testa.org }
"*testb.org" { pool testb.org }
}
}
"443" {
switch -glob [string tolower [HTTP::host]] {
"*testa.org" { pool testa.org-ssl }
"*testb.org" { pool testb.org-ssl }
}
}
}
}
Hope this helps.