Forum Discussion

Brian_Buddemeye
Sep 26, 2006

iRule to choose pool and handle SSL termination

Hello,

I'm working on an LTM implementation where we are trying to direct traffic to individual pools based on an application name in the URI. I've written the rule below to handle the pool selection for what is currently an "all protocols" virtual server:

when HTTP_REQUEST {
    # Select the pool from the application name in the request URI
    switch [HTTP::uri] {
        "/app1" {
            pool p_app1
        }
        "/app2" {
            pool p_app2
        }
    }
}

In our tests, this rule is doing what we would expect for regular end-to-end HTTP traffic. However, we want to use the LTM to terminate SSL when we move this system into production. The catch is that I need to present different certificates to the client depending on what application is being accessed. How can I modify the rule above (or create a new one if necessary) to handle that half of my requirement?

Thanks in advance for any help you can provide!

1 Reply

  • Hello,

    We should probably add this info to a FAQ as the question comes up quite often.

    If your sites are all on the same domain, a wildcard cert would be the only simple answer to your question of how to configure one VIP for multiple SSL-based sites. If that's the solution you go with, you can configure the wildcard cert in an SSL profile on a standard HTTPS VIP. You could then reference the rule you noted above by both the HTTPS VIP with the wildcard cert and the HTTP VIP. If the sites are on different domains, you may need to create multiple VIPs for each domain so you use one cert per VIP.

    For more info on this, see this post: (Click here)

    Aaron
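
The reply's rule of thumb worked through as an added example (not part of the original thread): the certificate is fixed per SSL profile and VIP, so the number of VIPs follows from which hostnames each certificate name covers. The hostnames and certificate names are constructed, and the matching assumes the usual rule that a leading `*.` covers exactly one left-most label.

```python
# Added example, not from the thread: map hostnames to the certificate
# (and therefore the HTTPS VIP) that can serve them.
# All hostnames and certificate names below are constructed.


def cert_covers(cert_name: str, host: str) -> bool:
    """Return True if a certificate name is valid for host.

    A leading "*." stands for exactly one left-most label, so
    *.example.com covers app1.example.com but neither example.com
    nor api.eu.example.com.
    """
    cert = cert_name.lower().rstrip(".").split(".")
    name = host.lower().rstrip(".").split(".")
    if cert[0] != "*":
        return cert == name
    return len(cert) == len(name) and cert[1:] == name[1:] and name[0] != ""


def plan_vips(hosts, cert_names):
    """Assign each host to the first certificate that covers it.

    Returns (plan, uncovered): plan maps certificate name -> sorted hosts
    (one SSL profile / VIP per key); uncovered lists hosts that still
    need a certificate, and so a VIP, of their own.
    """
    plan, uncovered = {}, []
    for host in sorted(hosts):
        match = next((c for c in cert_names if cert_covers(c, host)), None)
        if match is None:
            uncovered.append(host)
        else:
            plan.setdefault(match, []).append(host)
    return plan, uncovered


# Constructed inventory: three names under one domain, one deeper
# subdomain, and one site on a different domain.
HOSTS = ["app1.example.com", "app2.example.com", "example.com",
         "api.eu.example.com", "shop.example.net"]
CERTS = ["*.example.com", "shop.example.net"]

if __name__ == "__main__":
    plan, uncovered = plan_vips(HOSTS, CERTS)
    for cert, served in plan.items():
        print(f"VIP with {cert}: {', '.join(served)}")
    print("need another certificate/VIP:", ", ".join(uncovered))
```

The bare domain and the two-level subdomain end up in the uncovered list, which is the case to check before relying on a single wildcard VIP.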