Forum Discussion

ictengineer_124's avatar
ictengineer_124
Icon for Nimbostratus rankNimbostratus
Nov 17, 2013

Can you redirect https//domain.com to https://www.domain.com

Is it possible to rediect https://domain.com to https://www.domain.com?

 

I've searched but couldn't get any answers or suggestion.

 

Thanks Mark

 

  • Try this:

    when HTTP_REQUEST {
        if { [string tolower [HTTP::host]] equals "domain.com" } {
            HTTP::redirect "https://www.domain.com"
        }
    }
    

    If you need to also preserve the URI in the request, use this instead:

    HTTP::redirect "https://www.domain.com[HTTP::uri]"
    
  • As long as you're offloading the SSL on the F5 with a client SSL profile, then yes.

     

  • Hi Kevin

     

    We are offloading https://www.domain.com. We are not offloading https://domain.com (just need this to redirect to https://www.domain.com. Can this work?

     

  • If you cannot see the layer 7 (HTTP) traffic, then you also cannot write to it. So assuming www.domain.com and domain.com resolve to the same IP and F5 VIP, you basically have three options:

     

    1. Apply a wildcard certificate to the client SSL profile - *.domain.com

       

    2. Apply a SAN certificate to the client SSL profile - like a wildcard but specific to a list of server names in the subjectAltName field of the cert.

       

    3. If your clients are all capable of TLS (anyone using an OS/browser later than WinXP/IE6), you can use a TLS extension called SNI, or Server Name Indicator, where the client specifies the server name in its TLS CLIENTHELLO message. You could then create separate client SSL profiles, each with its own certificate, set the server name field in the profile to match the subject name of the certificate, and then apply all to the VIP. The VIP will choose the correct profile based on the client's request.