Separate VIPs and pools are certainly one way, but this is what it might look like otherwise:
-
Port 80 VIP and simple iRule to redirect all requests to port 443 VIP.
-
Port 443 VIP (same IP address), a client and server SSL profile, 2 pools, and an iRule:
when HTTP_REQUEST {
switch [string tolower [HTTP::host]] {
"abc.xyz.com" {
pool abc_pool
}
"abc12.xyz.com" {
pool abc12_pool
SSL::disable serverside
}
}
}
The abc_pool would contain your port 443 servers and the enabled serverssl profile would appropriately re-encrypt to these servers. The abc12_pool would contain your port 80 servers and the iRule would disable the serverssl profile.