brad_scherer_11
Apr 09, 2009Nimbostratus
Load Balance to an SSL Proxy Server
Hello,
I have an interesting problem/solution here.
We run ISA server proxies that are in a pool behind the BigIP. The BigIP hosts the VIP on port 8080.
We want to implement an iRule on the port 8080 VIP that looks for any SSL traffic and sends it a set of SSL Proxies that are not in the default ISA pool.
Here is the rule I came up with but am not sure if it written or working optimally. I was hoping to get some input from the experts here. I also have to build in a way to look for other ports that could be used for tunneling (9443, 6443, etc) but for now would be happy to just get the standard 443 traffic going to the new pool.
when HTTP_REQUEST {
if {[HTTP::uri] contains ":443"} {
pool SSL_Proxy }
log local0. "Rule for SSL_Proxy HTTPS"
}
How would I build in additional ports etc? Should this be looking in the tcp layer instead of http?
Any help would be greatly appreciated!