Okay, so you have a couple of things going on here.
You have an HTTP (No SSL) virtual that you're connecting to and want to send to one of two back end pools depending on URL. One of those pools, POOL1, is also a non SSL connection, but POOL2 wants SSL.
The problem that you're running into is that the traffic to POOL2, even though it's on TCP 9443, is still not encrypted. There are a couple of ways to do this, and since it seems like you're really wanting to tie this into the app-layer, it might make sense to either use a redirect or a virtual.
The whole point of the virtual is to apply the server-side SSL, and at the same time, only apply it when it's needed for pool2. Something to remember, though: the client-side connection will still be in the clear.
ltm virtual pool2-virtual {
    destination 192.168.100.100:http
    ip-protocol tcp
    mask 255.255.255.255
    pool pool2
    profiles {
        default-http-profile { }
        default-oneconnect-profile { }
        default-tcp-lan-optimized-default {
            context clientside
        }
        default-tcp-wan-optimized-default {
            context serverside
        }
        serverssl {
            context serverside
        }
    }
    source-address-translation {
        type automap
    }
    vs-index 3
}
At that point, the iRule on the existing virtual would change to:
# Hand /logon/ requests to the internal virtual, which applies the server-side SSL profile
if {([string tolower [HTTP::uri]] starts_with "/logon/")} {
    virtual pool2-virtual
}
Or, alternatively, just create a new pool and listener for that server for a non SSL port.
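
To confirm which leg of each virtual is actually encrypted after a change like this, the following added example (not part of the original answer) parses `ltm virtual` stanzas and reports client-side and server-side TLS per virtual. The sample config is constructed (`front-virtual` and its address are hypothetical), and identifying SSL profiles by the built-in names `clientssl` and `serverssl` is an assumption; pass your own profile names where they differ.

```python
# Constructed sample: the answer's internal virtual plus a hypothetical front-end virtual.
SAMPLE = """
ltm virtual pool2-virtual {
    destination 192.168.100.100:http
    pool pool2
    profiles {
        default-http-profile { }
        serverssl {
            context serverside
        }
    }
}
ltm virtual front-virtual {
    destination 192.168.100.10:http
    pool pool1
    profiles {
        default-http-profile { }
    }
}
"""

def parse_block(lines):
    """Consume lines of brace-nested tmsh text and return them as nested dicts."""
    node = {}
    while lines:
        line = lines.pop(0).strip()
        if not line:
            continue
        if line == "}":                      # end of the current stanza
            break
        if line.endswith("{ }") or line.endswith("{}"):
            node[line.rstrip("{} ")] = {}    # empty stanza, e.g. "default-http-profile { }"
        elif line.endswith("{"):
            node[line[:-1].strip()] = parse_block(lines)
        else:
            key, _, value = line.partition(" ")
            node[key] = value.strip()
    return node

def audit_tls(config_text, client_ssl=("clientssl",), server_ssl=("serverssl",)):
    """Per virtual, report whether a client-SSL or server-SSL profile is attached.

    Assumption: SSL profiles are recognised by the names passed in.
    """
    report = {}
    for header, body in parse_block(config_text.splitlines()).items():
        if not header.startswith("ltm virtual "):
            continue
        profiles = body.get("profiles", {})
        report[header.split()[-1]] = {
            "clientside_tls": any(name in client_ssl for name in profiles),
            "serverside_tls": any(name in server_ssl and opts.get("context") == "serverside"
                                  for name, opts in profiles.items()),
        }
    return report
```

On the sample, `pool2-virtual` shows server-side TLS only, which matches the caveat above that the client side stays in the clear.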