Forum Discussion

Kevan_50436's avatar
Kevan_50436
Icon for Nimbostratus rankNimbostratus
Apr 21, 2009

HTTPS iRule to redirect traffic by URL?

I have a really simple iRule to route HTTP traffic based on the URL specified:

 

 

when HTTP_REQUEST {

 

if { [HTTP::host] contains "test2" } {

 

pool Test2_HTTP

 

} else {

 

pool Test1_HTTP

 

}

 

}

 

 

I would like to also do this for SSL traffic.

 

 

I know (or at least think) that SSL traffic must be terminated at the LTM to apply iRules to SSL, which requires an SSL client profile. However, the SSL client profile only contains one certificate, so it would not work for the second URL.

 

 

Is this even possible?

 

 

Thanks,

 

Kevan.
application delivery
dev
devops
iRules

3 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Apr 21, 2009
    Hi Kevan,

     

     

    The practical answer is that right now, you can only use one SSL certificate per virtual server. In order to avoid an cert mismatch error on browsers, the cert subject(s) must match the hostname the client makes a request to. There are a few options using a single wildcard cert or a single cert with Subject Alternate Names (SANs) that extend the functionality. You can check this post (Click here) for details on these options as well as an extension to TLS that would give you the ability to determine which hostname the client is making a request to before presenting a certificate to the client.

     

     

    Aaron
  • Chris_Bartnick_'s avatar
    Chris_Bartnick_
    Icon for Nimbostratus rankNimbostratus
    Apr 21, 2009
    not to hijack this thread but,

     

    is there a way to modify that script with an "and" statement to

     

    scan the incoming headers and detect (1) if there are multiple Content-Length headers, or (2) if a Content-Length header does not have a length specified?