Well, here are two options assuming I understand the scenario. You should only need to use one of these rules to replace your existing iRule_2.
This also assumes you've mapped each virtual server address to a host name in a datagroup named ip_to_hostname_class:
class ip_to_hostname_class {
"1.1.1.1 host.example.com"
"1.1.1.2 host.another.com"
"1.1.1.3 host.yetanother.com"
}
This example assumes that any host name which resolves to the VIP address has a domain which matches the SSL cert's domain on the corresponding HTTPS VIP.
when HTTP_REQUEST {

   # Check if the host header has at least three fields (anything.example.com)
   # This would also match an IP address, but that seems like a use case
   # where the client would expect a cert mismatch error when requested via HTTPS
   if {[string match "*.*.*" [HTTP::host]]} {

      # Assume the client has requested a valid domain (*.example.com)
      # where the domain of the host header is what the SSL cert on the HTTPS VIP is issued for
      HTTP::redirect "https://[HTTP::host][HTTP::uri]"

   } else {

      # Look up the correct domain for this request
      # using the VIP address in the ip_to_hostname_class datagroup
      # (the " " separator makes findclass return only the host name field)
      set hostname [findclass [IP::local_addr] $::ip_to_hostname_class " "]
      if {$hostname eq ""} {
         # Should there ever be a VIP IP which doesn't have a corresponding class entry??
         # You could hard code a default redirect here if you want
         HTTP::redirect "https://www.example.com[HTTP::uri]"
      } else {
         # Parse the last two parts of the hostname (returns example.com from www.example.com)
         HTTP::redirect "https://www.[domain $hostname 2][HTTP::uri]"
      }
   }
}
This example is less efficient in that the VIP's host name is looked up in the class on every TCP connection. The domain of the VIP's host name is checked against the requested host header. If they don't match, then the request is redirected to www.example.com where example.com is the domain of the VIP's host name.
when CLIENT_ACCEPTED {

   # Look up the VIP address in the ip_to_hostname_class datagroup
   # Use this event to avoid the lookup for every HTTP request
   # (the " " separator makes findclass return only the host name field)
   set hostname [findclass [IP::local_addr] $::ip_to_hostname_class " "]
   if {$hostname eq ""} {
      # Should there ever be a VIP IP which doesn't have a corresponding class entry??
      # If this does happen, you can hard code a default domain to use in the redirect
      set hostname "example.com"
   }
}
when HTTP_REQUEST {

   # Check the requested host header against the domain of the VIP's host name.
   # string match is used because a braced switch pattern would not substitute the variable.
   if {[string match "*.[domain $hostname 2]" [string tolower [HTTP::host]]]} {
      # Redirect *.example.com to the same host and URI via HTTPS
      HTTP::redirect "https://[HTTP::host][HTTP::uri]"
   } else {
      # Redirect all else to www.example.com host and original URI via HTTPS where
      # example.com is the last two parts of the hostname (example.com from www.example.com)
      HTTP::redirect "https://www.[domain $hostname 2][HTTP::uri]"
   }
}
If the logic or implementation for either of these is wrong, let me know. If the logic looks right, but the iRule doesn't work, can you add logging to the rule and reply with the logs/description of what actually happens and what you want to happen?
Thanks,
Aaron
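
Added example, not part of the original post: a Python model of the two redirect decisions above, useful for checking which Host header values each option echoes into the Location header before deploying either iRule. The datagroup contents, sample Host values and function names are constructed; the model assumes the datagroup lookup yields the host name and that option 2 compares against the domain of the VIP's host name, as the post describes.

```python
from fnmatch import fnmatchcase

# Constructed stand-in for the ip_to_hostname_class datagroup (VIP address -> host name).
IP_TO_HOSTNAME = {"1.1.1.1": "host.example.com", "1.1.1.2": "host.another.com"}
DEFAULT_DOMAIN = "example.com"  # the post's hard-coded fallback


def domain(name, count):
    """Model of the iRule `domain` command: the last `count` dot-separated parts."""
    return ".".join(name.split(".")[-count:])


def option1(host, vip, uri="/"):
    """First rule: keep any Host header with at least three dot-separated fields."""
    if fnmatchcase(host, "*.*.*"):
        return f"https://{host}{uri}"
    hostname = IP_TO_HOSTNAME.get(vip, "")
    if hostname == "":
        return f"https://www.{DEFAULT_DOMAIN}{uri}"
    return f"https://www.{domain(hostname, 2)}{uri}"


def option2(host, vip, uri="/"):
    """Second rule: keep the Host header only when it is under the VIP's domain."""
    vip_domain = domain(IP_TO_HOSTNAME.get(vip) or DEFAULT_DOMAIN, 2)
    if fnmatchcase(host.lower(), f"*.{vip_domain}"):
        return f"https://{host}{uri}"
    return f"https://www.{vip_domain}{uri}"


def compare(vip, hosts):
    """Return (host, option-1 Location, option-2 Location) for each Host header."""
    return [(h, option1(h, vip), option2(h, vip)) for h in hosts]


if __name__ == "__main__":
    # Constructed Host header values a client could send to the HTTP VIP.
    samples = ["example.com", "www.example.com", "WWW.Example.com",
               "www.example.com:80", "1.1.1.1", "shop.another.com"]
    for host, loc1, loc2 in compare("1.1.1.1", samples):
        print(f"{host:20} 1: {loc1:32} 2: {loc2}")
```

A Host header that carries a port or an unrelated three-label name is passed through unchanged by the first model and rewritten to the VIP's own www host by the second.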