conrmahr_335682
Oct 05, 2017

Force www to non-www on SSL

Can an F5 redirect an HTTPS request before the browser handshakes the cert? Having trouble with this iRule for redirecting https://www.domain2.org/folder. It should redirect to https://domain2.org/folder but it doesn't and just fires a certificate error because we don't have but domain.org in our Advantage Cert. Other than that everything works perfectly.

when HTTP_REQUEST {
    switch [string tolower [HTTP::host]] {
        "www.domain1.org" -
        "example1.org" {
            pool pool_prd_443
        }
        "www.domain2.org" {
            HTTP::redirect https://domain2.org[HTTP::uri]
        }
        "domain2.org" {
            pool pool_prd_8443
        }
    }
}
  • JG

    No, it can't. The HTTP functionality is not available until the network operation on SSL is completed.

     

  • A potential solution would be to use SNI (https://devcentral.f5.com/articles/ssl-profiles-part-7-server-name-indication).

     

    As Jie said, the SSL negotiation process occurs before the HTTP event/process. Therefore, whatever the case, you need to terminate SSL before you do something with HTTP.

     

    With SNI, you can terminate SSL for multiple domains (applying multiple client SSL profiles). After that, by using an iRule, you can do whatever you want to do with HTTP.