Correct KS.. the BIG-IP is listening on 443 and forwards to 443. If I add client and server ssl profiles I get the trust error. The problem is these are public web sites being served so can not have trust issues :(
What I am trying to do is direct traffic to specific pools based on the uri. We have migrated part of the site to a new server, when we move it all then this will not be a problem as all traffic can be forwarded (saying that.. this has prompted me to seriously consider ssl offloading) and no uri check will happen.
this is my irule (all names changed to protect the innocent).. so if you hit www.mysite.com/abc you will go to one set of servers.. anything else you hit the originals.
when HTTP_REQUEST {
set uri [string tolower [HTTP::uri]]
if { $uri starts_with "/abc" } {
pool W_APool_443
} else { pool W_BPool_443 }
}