Forum Discussion

Luke_Baker_2127's avatar
Luke_Baker_2127
Icon for Nimbostratus rankNimbostratus
Aug 23, 2015

Content aware routing to HTTPS pools using a single virtual server

Hey there,

 

I currently have a virtual server that is serving content from a single pool. The virtual server is doing SSL bridging and redirects port 80 traffic to 443. I recently got the request to do the following:

 

https://mysite.com/chat --> send traffic to -->

 

I set up an iRule to set the pool to the one that contains 'my-local-server' if the URI ends_with '/chat'. When I turned on logging I could see the rule firing, however when you attempt to browse or curl that particular path the HTTP response is a 'connection reset'.

 

I have a hunch that this has to do with the SSL bridging that is configured on the virt, as 'my-local-server' is using a different certificate than 'mysite.com'. Do I need a specific SSL Server profile for this, or am I going down the wrong path?

 

APM
application delivery
availability
design
devops
iRules
LTM
security

4 Replies

Sort By
  • Mohamed_Lrhazi's avatar
    Mohamed_Lrhazi
    Icon for Altocumulus rankAltocumulus
    Aug 23, 2015
    • what does "SSL bridging" mean?
    • does the request involve changing the Host headers from mysite.com to my-local-server?

    Maybe show the config of the virtual server so its clear what it is doing.

     

  • Luke_Baker_2127's avatar
    Luke_Baker_2127
    Icon for Nimbostratus rankNimbostratus
    Aug 24, 2015

    SSL bridging meaning that the client HTTPS connection is terminated at the virtual server, and then re-encrypted to the nodes.

     

    Instead of doing a redirect, I would like to keep the URL as 'mysite.com/chat'.

     

    • Mohamed_Lrhazi's avatar
      Mohamed_Lrhazi
      Icon for Altocumulus rankAltocumulus
      Aug 24, 2015
      Thanks. So, the pool for my-local-server is green? does it have an https monitor? Try loading a page using curl on the BIGIP, like : curl -kvI -H "Host: mychat.com" https://ip-address-of-server Maybe show the iRule you are using as well.