Forum Discussion

tobulos1_310660's avatar
tobulos1_310660
Icon for Nimbostratus rankNimbostratus
Feb 17, 2017

If port 80 then HTTP else HTTPS

Hi!

We have an iRule that looks like this: 

when HTTP_REQUEST { 
  if {[TCP::local_port] == 80 } { 
    pool test-pool 
  } elseif {[TCP::local_port] >= 3000 && [TCP::local_port] <= 3999 } { 
    pool test1-pool 
  } elseif {[TCP::local_port] >= 4000 && [TCP::local_port] <= 4999 } { 
    pool test2-pool 
  } elseif {[TCP::local_port] >= 5000 && [TCP::local_port] <= 5999 } { 
    pool test3-pool 
  } else {
    drop
  }
}

It basically checks that if the user goes to a certain port, he'll use a certain pool. However, one of our developers asked us if it's possible to use HTTP if the user goes to port 80, and HTTPS for all other ports. I imagine that cannot be done from within the Virtual Server, but must be done based on which pool the user goes to. How would one steer the traffic to use HTTP if the user goes to port 80, and if he goes to any other ports, HTTPS is used?

P.S. Sorry for my beginner question, I'm still an entry level network technician and haven't worked that much with load balancing yet 🙂

application delivery
BIG-IQ
iRules

2 Replies

Sort By
  • Michele_Jetz's avatar
    Michele_Jetz
    Icon for Nimbostratus rankNimbostratus
    Feb 17, 2017

    I think since you have a http vs, you need to create an additional one with https and just redirect the requets != port 80 to the other vip which handle https traffic

     

    iRules allow to "switch" the traffic to another vip command: "virtual vsname"

     

  • Niels_van_Sluis's avatar
    Niels_van_Sluis
    Icon for MVP rankMVP
    Feb 17, 2017

    If you are talking about HTTP of HTTPS to what context are you referring? For the serverside context you could use the following iRule. You will need to add a SSL server profile to the virtual server.

    when HTTP_REQUEST { 
  if {[TCP::local_port] == 80 } {
    SSL::disable serverside
    pool test-pool 
  } elseif {[TCP::local_port] >= 3000 && [TCP::local_port] <= 3999 } {
    pool test1-pool 
  } elseif {[TCP::local_port] >= 4000 && [TCP::local_port] <= 4999 } { 
    pool test2-pool 
  } elseif {[TCP::local_port] >= 5000 && [TCP::local_port] <= 5999 } { 
    pool test3-pool 
  } else {
    drop
  }
}

    If you are referring to the clientside context, I think it would be better to create two seperate virtual servers; one that is handling the HTTP traffic, and one that handles the HTTPS traffic.