Forum Discussion

cymru81's avatar
cymru81
Icon for Altocumulus rankAltocumulus
Apr 20, 2015

irule help!

Hi, Ive asked a similar question regarding an existing irule, though not this specifically.

 

We want to make use of just one public ip address so that depending on what host header comes in it gets directed off to a specific pool (or anything better suggested). the vip is https but i would like all the redirected traffic to go to internal http sites.

 

this would be an example:

 

user browses to "https://abc.site.co.uk" which resolves to 10.1.0.50 (over the internet) this would then go to an internal IIS web server that has a binding for this on internal ip 10.1.2.1 (http).

 

Next users browses to "https://xyz.site.co.uk" which resolves to 10.1.0.50 (over the internet) also this would also go to a different internal IIS Server that has the xyz.site.co.uk binding (http) but this Server has an internal ip of 10.1.2.2

 

Hope that makes sense, and is feasible?

 

4 Replies

  • Before going into further specifics - are all the HTTPS services you want to bundle covered by a single SSL certificate? If yes, you can do that. If not, you'll need to configure a second listener (also another ext IP will be required).

     

  • yes, we have a wildcard certificate for the domain :)

     

  • 1) Create LTM Pools:

    • pool_abc.site.co.uk_80 with a single member 10.1.2.1:80

    • pool_xyz.site.co.uk_80 with a single member 10.1.2.2:80

    2) Apply a clientside SSL profile to your Virtual Server (wildcard certificate)

    3) Create and apply the iRule:

    when HTTP_REQUEST {
      if { [HTTP::host] equals "abc.site.co.uk" }{
        pool pool_abc.site.co.uk_80 member 10.1.2.1 80
      } elseif { [HTTP::host] equals "xyz.site.co.uk" }{
        pool pool_xyz.site.co.uk_80 member 10.1.2.2 80
      }
    }
    
  • that's perfect, thank you! could I add other headers to that rule as well and (not essential) a fallback pool it would hit if no matches?