Forum Discussion
dragonflymr
Jun 09, 2017Cirrostratus
Hi,
If I am not wrong you need to accept HTTPS on standard 443 port instead of HTTP on 80, what about other ports, I assume those still will use HTTP on client side?
If it is so, first step is of course to attach clientssl profile to VS and then selectively enable it in iRule, something like that:
Something like that:
when CLIENT_ACCEPTED {
SSL::disable
if {([TCP::local_port] == 443 )} {
SSL::enable
pool MWS-MDU-COM_HTTP_POOL
}
elseif {([TCP::local_port] == 8090 )} {
pool MWS-MDU-COM_8090_POOL
}
elseif {([TCP::local_port] == 8000 )} {
pool MWS-MDU-COM_8000_POOL
}
elseif {([TCP::local_port] == 8085 )} {
pool MWS-MDU-COM_8085_POOL
}
else reject
}
BTW: It is not important to have wildcard cert, anyway you are using one VS mapped to one FQDN so you can use standard FQDN based one, ports changes are relevant for SSL.
Piotr