In my opinion, it's impossible to do this based on the http endpoint.
Reason being that the SSL/TLS-handshake happens BEFORE the client sends its http request to the server.
The endpoint (eg /contextA
) resides in that http request!
At the start of the SSL/TLS-handshake, only the hostname (eg example.com
) is available (and only if the client has SNI enabled).
So you'll need 2 different hostnames for this. For example contexta.example.com
and contextb.example.com