Forum Discussion
Mike_27130
Nimbostratus
NimbostratusHaving trouble with mangled https:// request
I have a site where a large scale communication was sent to go to mysite.com instead of www.mysite.com.
It is a secure SSL site
I wrote to try to fix the lack of the "www" this works on the redirect for
"http://mysite.com"
but not for
"https://mysite.com" --- This generates an ssl cert error before the irule change the host
I believe the host must be changed before the SSL connection is established. Is there a way to do this?
when HTTP_REQUEST{
if { not (HTTP::host] starts_with "www." ) } {
HTTP::redirect "https://www.[HTTP::host][HTTP::uri]"
}else{
HTTP::respond 301 Location "https://[getfield[HTTP::host] :1 [HTTP::uri]"
}
}
3 Replies
Michael_YatesUnfortunately the situation you are in can’t be fixed by an iRule.
An iRule can’t be run on encrypted traffic, so it must be unencrypted first. If the SSL Certificate is for https://www.website.com and the HTTPS Request is for http://website.com then you are going to get an SSL Certificate Error before the iRule can run and modify the URL.
iRule Event Order:
RULE_INIT
CLIENT_ACCEPTED
CLIENTSSL_HANDSHAKE
CLIENTSSL_CLIENTCERT
HTTP_REQUEST
hoolioCirrostratus
As Michael suggested, you can't fix this with an iRule which redirects to the correct hostname. You could either rewrite the references to https://mysite.com to https://www.mysite.com before the client makes a request to the wrong hostname, or you could get a UCC cert which is valid for www.mysite.com and mysite.com.
Here are a few related posts:
http://devcentral.f5.com/Default.aspx?tabid=53&view=topic&postid=19136&ptarget=19143
http://devcentral.f5.com/Forums/tabid/1082223/asg/50/showtab/groupforums/aff/5/aft/62114/afv/topic/Default.aspx62143
Aaron
Mike_27130Thanks - It makes sense now. Bad news but makes sense.
I'll probably end up getting a new cert.
