Forum Discussion
6 Replies
Sort By
- Chris_MillerAltostratusYou need something listening on port 80 at a specific IP address that also can run an iRule. That pretty much limits you to either having a Virtual Server listening on all ports, or multiple Virtual Servers.
- DaveC_21078AltostratusThanks Chris. I'll look the rule over. I couldn't think of any other way to do it, and I didn't want to just open all ports and let everything through w/o some kind of control. This gives me an option.
- L4L7_53191NimbostratusFWIW, to Chris's last point, I'd absolutely go for two specific VIPs here - setup your port 80 vip with an HTTP class that redirects everything over to HTTPs (something like 'https://[HTTP::host][HTTP::uri]'). Here's why I say this:
- hooleylistCirrostratusI agree with Chris and Matt. It's simpler and more efficient to use two virtual servers rather than use an unnecessarily complex iRule on one virtual server. I should put a note on that Codeshare example that it's more for novelty than a best practice recommendation.
- RACQ_74493CirrusThis will probably show significant ignorance but can't you just select the checkbox "Non-SSL Connections " (see advanced view) on the clientSSL profile you have configured and attached to the VIP listening for the HTTPS traffic. Of course if this cert is a starcert used by a bunch of VIPs it will add this ability to all VIPs so you may not want this.
- hooleylistCirrostratusHi David,