cgwin12
Apr 25, 2024

Need help on i-rule to specific uri path

Hello All,

I'm working on an i-rule that needs to do the following: given a set of specific source IP addresses, only allow access to the specific URIs under /ws/rest/external*.

I put the specific source addresses in a data group and reference that data group. When I apply this i-rule to the virtual server, on testing I get an Insecure HTTPS message. I am on version 15.8.1.2. We plan to upgrade to the most stable release on 16 soon.

Any suggestions on what I can do with the i-rule posted below? Thanks in advance.

when CLIENT_ACCEPTED {
  # Pick the pool early for listed source addresses (Boomi_external data group)
  if { [class match [IP::client_addr] equals Boomi_external] } {
    pool esd-bmapi-dc1-as01-f5.lanl.gov_8077_pool
  }
}

when HTTP_REQUEST {
  if { ![HTTP::has_responded] } {
    if { [HTTP::host] equals "apigway-d.lanl.gov" } {
      # starts_with takes a literal prefix, not a glob: no "*" or trailing spaces
      if { [HTTP::uri] starts_with "/ws/rest/external" } {
        pool esd-bmapi-dc1-as01-f5.lanl.gov_8077_pool
      } else {
        # in Tcl, "else" must follow the closing brace on the same line
        reject
      }
      return
    }
  }
}
4 Replies

  • Because the "else" is basically reject, you can simply assign the pool to the virtual server and bind the traffic policy below to the virtual server.

    It is better to use a local traffic policy instead of iRule scripting, due to better performance and to avoid scripting typos.

  • Sanjay and Aaron, thanks for your input. I'm getting a little closer. On the initial HTTP GET request this i-rule is working. However, when the testers attempt a POST, they error out with the insecure message.

    I have pasted the new i-rule below. I also added logging to find out why the connection is getting reset.

    The output of the log is also below the i-rule. It is the result of running tail and grepping for the i-rule name:

    tail -f /var/log/ltm | grep /Common/Boomi_external_redirect

    Thanks for your input so far; we're close.

    when CLIENT_ACCEPTED {
      if { [class match [IP::client_addr] equals Boomi_external] } {
        pool esd-bmapi-dc1-as01-f5.lanl.gov_8077_pool
      }
    }

    when HTTP_REQUEST {
      switch -glob [string tolower [HTTP::uri -normalized]] {
        "/ws/rest/external*" {
          if { [class match [IP::client_addr] equals Boomi_external] } {
            pool esd-bmapi-dc1-as01-f5.lanl.gov_8077_pool
          } else {
            # the log call belongs inside the else body; placed after the
            # closing brace it is the "extra words after else clause"
            # TCL error shown in the log output below
            log local0. "Rejected [IP::client_addr] for [HTTP::host][HTTP::uri]"
            reject
          }
        }
        default {
          log local0. "HTTP Headers = [HTTP::host], [HTTP::uri]"
        }
      }
    }

    OUTPUT OF THE ERROR:

    May 23 09:22:41 bigip1.lanl.gov err tmm1[22445]: 01220001:3: TCL error: /Common/Boomi_external_redirect <HTTP_REQUEST> - wrong # args: extra words after "else" clause in "if" command     while compiling "if { [class match [IP::client_addr] equals Boomi_external] } {               pool esd-bmapi-dc1-as01-f5.lanl.gov_8077_pool                    } else {              reject    ..."     ("/ws/rest/external/*" arm line 2)     invoked from within "switch -glob [string tolower [HTTP::uri -normalized]] {                 "/ws/rest/external/*" {             if { [class match [IP::client_addr] equals Boomi_..."

  • The insecure HTTPS message is very unlikely to have been caused by your iRule - most likely it is because the server IP/name you are going to in order to reach the Virtual Server does not match the CN in the SSL certificate returned by the pool member.

    Regarding the iRule: I strongly suggest using [HTTP::uri -normalized] to ensure that your iRule cannot be bypassed by encoding slashes or other bypasses (e.g. //, //./, %2F, etc.); everyone should be doing this, really! Other than that, Sanjay's rule above should be more efficient.

  • Try the iRule below:

    when HTTP_REQUEST {
      switch -glob [string tolower [HTTP::uri]] {
        "/ws/rest/external*" {
          if { [class match [IP::client_addr] equals Boomi_external] } {
            pool esd-bmapi-dc1-as01-f5.lanl.gov_8077_pool
          } else {
            reject
          }
        }
        default {
          drop
        }
      }
    }
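Aaron's point about [HTTP::uri -normalized] and Sanjay's fail-closed default { drop } arm, as an added example that is not part of this thread: a small Python model of the access decision (source IP in the data group plus path prefix) showing how an unnormalised spelling of the path (//, %65) slips past the prefix match and, when the default arm only logs, continues to the virtual server's default pool. The normaliser is an assumed approximation of BIG-IP's behaviour, and the address ranges are constructed samples rather than the real data group.

```python
from ipaddress import ip_address, ip_network
from posixpath import normpath
from urllib.parse import unquote

# Constructed stand-in for the Boomi_external data group (sample ranges, not the real ones)
BOOMI_EXTERNAL = [ip_network("203.0.113.0/24"), ip_network("198.51.100.7/32")]
PROTECTED_PREFIX = "/ws/rest/external"


def normalize_uri(uri: str) -> str:
    """Approximation of [HTTP::uri -normalized] (assumed, not BIG-IP's exact algorithm):
    drop the query string, decode %XX escapes, collapse repeated slashes and
    resolve "." and ".." segments so every spelling of a path compares equal."""
    path = unquote(uri.split("?", 1)[0])
    # posixpath.normpath keeps a leading "//"; force exactly one leading slash
    return "/" + normpath(path).lstrip("/")


def in_data_group(client_ip: str, group) -> bool:
    """Equivalent of [class match [IP::client_addr] equals <data group>]."""
    addr = ip_address(client_ip)
    return any(addr in net for net in group)


def decide(client_ip: str, uri: str, *, normalized: bool, fail_closed: bool) -> str:
    """Model of the switch -glob decision in the iRules above.

    normalized  : match on the normalised path (True) or the raw one (False)
    fail_closed : default arm drops (True) or only logs (False), in which case the
                  request continues to the virtual server's default pool
    Returns "pool", "reject", "drop" or "default_pool".
    """
    path = normalize_uri(uri) if normalized else uri
    if path.lower().startswith(PROTECTED_PREFIX):        # "/ws/rest/external*" arm
        return "pool" if in_data_group(client_ip, BOOMI_EXTERNAL) else "reject"
    return "drop" if fail_closed else "default_pool"      # default arm


if __name__ == "__main__":
    # Unlisted client; every spelling below is the same backend path once normalised
    for raw in ("/ws/rest/external/job", "//ws/rest/external/job", "/ws/rest/%65xternal/job"):
        raw_only = decide("192.0.2.10", raw, normalized=False, fail_closed=False)
        hardened = decide("192.0.2.10", raw, normalized=True, fail_closed=True)
        print(f"{raw:28} raw + log-only default: {raw_only:13} normalised + drop: {hardened}")
```

Only the combination of a normalised match and a dropping default arm gives the same answer for every spelling of the path; with the raw URI and a log-only default, the two alternative spellings from an unlisted address are never rejected.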