Forum Discussion

conrmahr_335682's avatar
conrmahr_335682
Icon for Nimbostratus rankNimbostratus
Oct 05, 2017

Force www to non-www on SSL

Can an F5 redirect a https request before the browser handshakes the cert? Having trouble with this iRule for redirecting https://www.domain2.org/folder. It should redirect to https://domain2.org/folder but it doesn't and just fires a certificate error because we don't have but domain.org in our Advantage Cert. Other than that everything works prefect.

when HTTP_REQUEST { 
       switch [string tolower [HTTP::host]] {
          "www.domain1.org" -
          "example1.org"
          {
            pool pool_prd_443
          }
          "www.domain2.org"
          {
            HTTP::redirect https://domain2.org[HTTP::uri]
          }
          "domain2.org"
          {
            pool pool_prd_8443
          }
       }
}

2 Replies

  • JG's avatar
    JG
    Icon for Cumulonimbus rankCumulonimbus

    No, it can't. The HTTP functionality is not available until the network operation on SSL is completed.

     

  • Potential solution would be to use SNI (https://devcentral.f5.com/articles/ssl-profiles-part-7-server-name-indication).

     

    As Jie said, SSL negotiation process occurs before HTTP event/process. Therefore whatsoever you need to terminate SSL before you do something with HTTP.

     

    With SNI, you can terminate multiple domain SSL (applying multiple client SSL profiles). After that, by using iRue, you can do whatever you want to do with HTTP.