Hi,
- mbayer_236661 (Nimbostratus)
Thank you, sounds good -- if I have to use multiple VIPs with all the public IPs, it will make the F5 console unusable.
Hi,
here is a modified excerpt from the iRule I used for a client's Exchange environment:

```tcl
when CLIENT_ACCEPTED {
    switch [TCP::local_port] {
        81 {
            # Cleartext HTTP traffic (redirect into https)
            SSL::disable clientside
            pool defaultPool
            return
        }
        443 {
            # Encrypted HTTP traffic (decrypt, forward to pool)
            pool elsePool
            return
        }
        default {
            # Reject everything else
            reject
            return
        }
    }
}
```
The associated virtual server has a client-ssl profile and optionally a server-ssl profile depending on your specific requirements.
The virtual server works in "Standard" mode, uses TCP, and has a port of "0" to listen on all service ports. The pools will be configured with specific ports. In case of incoming traffic on TCP/81, the client-ssl profile will be disabled by the iRule. In case of incoming traffic on TCP/443, the virtual server's client-ssl profile will kick in and terminate SSL before forwarding traffic to the elsePool.

Btw, the original iRule has more use cases and turns the http profile on and off, modifies persistence methods and rewrites redirects. (In production for a couple of months instead of using the approach described in the deployment guide.)

Thanks, Stephan