Forum Discussion
hooleylist
Jun 02, 2011
Cirrostratus
Hi John,
If you're not offloading the SSL, you could configure a single VS and pool on port 0, use an iRule to restrict access to port 80 and port 443 and use the priority setting on the pool to ensure requests only go to one server first unless it's down. If you want to ensure requests don't flip back automatically to server1 if server1 goes down and then comes back up, you could use this iRule:
http://devcentral.f5.com/wiki/default.aspx/iRules/SingleNodePersistence.html
Here's an example of the port restriction iRule as well:
when CLIENT_ACCEPTED {
    switch [TCP::local_port] {
        80 -
        443 {
            # Do nothing and allow the connection to continue
        }
        default {
            # Send a reset
            reject
        }
    }
}
Aaron