Nimbostratus
NimbostratusWow - thanks for that sample. I am thinking that my problem is a little bit simpler. I apologize if I didn't explain the problem clearer.
Here is the description of what we would like to do
1. all traffic (both HTTP and HTTPS) go to a single virtual address (vip).
2. we want to route requests based on URI (layer 7 routing) to one of three different load-balancing pools (call them pool-acme, pool-bob and pool-onlyssl).
3. F5 when routing preserves the protocol - if requests comes in as HTTP, it is sent to the pool as HTTP
We have the following iRule that seems to do the trick
when HTTP_REQUEST {
log local0. "uri=[HTTP::uri]"
set uri [HTTP::uri]
if {$uri starts_with "/acme"} {
log local0. " going to pool-acme"
pool pool-acme
} elseif {$uri starts_with "/onlyssl"} {
pool pool-onlyssl
} else {
pool pool-bob
}
}
EXCEPT when the request comes in as HTTPS. When in HTTPS, the value of HTTP::uri appears to be the encrypted uri which breaks our Layer 7 routing decision.
Question 1 - is there a way we could get the value of HTTP::uri when the request comes in HTTPS
Alternatively, we could set up the F5 to be the SSL break. In that case, when requests comes in as
1. HTTP: look at and route based on uri - leave protocol as HTTP
2. HTTPS: then break SSL, route based on uri, then send to pool as HTTPS
Bernie