Stumped on iRule for SSL traffic

Question

Hi,&nbsp;
&nbsp;I seem to be stumped here. I have an iRule that does re-direction based on HTTP:HOST. &nbsp;
&nbsp;when HTTP_REQUEST {
&nbsp;   if { [HTTP::host] starts_with "billing.domain.com"} {
&nbsp;      pool billing.domain.com_pool
&nbsp;   } elseif { [HTTP::host] starts_with "hr.domain.com"} {
&nbsp;      pool hr.domain.com_pool
&nbsp;   } &nbsp;
&nbsp;This works fine for http traffic. I added another virtual server for https traffic and it does not appear to work. The SSL certs are on the servers in the two pools (not on the F5). I just want to use the F5 to load-balance the traffic. &nbsp;
&nbsp;Is this not working because the traffic from the client to the F5 is encrypted and the F5 cannot read [HTTP:host]? Is the only solution to terminate the SSL connection on the F5?

joe_pruitt · Answer

The Host header is part of the payload and unless the BIG-IP is terminating the SSL connection, there is no way for it to read the payload for the header.  So, yes, if you want to make decisions based on the payload content, the only option is to terminate the SSL connection on the BIG-IP.&nbsp;
&nbsp;-Joe

Forum Discussion

Stumped on iRule for SSL traffic

1 Reply

Recent Discussions

Error while running ansible

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Related Content

LTM Traffic Policies vs iRules: Which runs first?

iRule for custom traffic flow

Logging TLS traffic less than TLSv1.2

Traffic Shaping and Atlassian Jira

Floating IPs on new traffic group members