Sam_Parkes_1110
Aug 11, 2008 Nimbostratus
SSL::profile switching - per host name requested
I'm trying to get different URL host names to negotiate with different SSL profiles as they go through a single VIP on the F5. We have several URLs we want to point to the same external IP (by DNS), where our firewalls NAT to a single VIP address on the F5; that part is straightforward. But we would then open SSL pages, which would require the client's browser to negotiate with a separate SSL profile, and therefore a different certificate, for each URL host name. I'm not certain this is possible, but wondered if an iRule could detect the HTTP::host and direct the request to an SSL::profile without the browser complaining?
The examples on the site are:
    when CLIENT_ACCEPTED {
        # Select the client SSL profile based on the client's source IP address
        if { [IP::addr [IP::client_addr] eq $specific_ip ]} {
            SSL::profile host1_profile
        }
    }
but this tests on the client IP address; we would need to test on the HTTP::host name.
Any help would be appreciated.
Thanks,
Sam Parkes.
GTA