Forum Discussion

razorack_110239
Feb 28, 2008

How to choose which virt based on header

I posted yesterday with an issue with my F5 and https redirection to a uri that did not have www in it, and realized after reading several posts that this will not work due to how SSL works.

So now today I have made the decision to purchase a cert for both domains, the one with www and the one without.

Now what I need to be able to do is get the F5s to make the decision on which virt to send the traffic to depending on what the user types into their browser:

If user types https://www.aciphexoffer.com go to virt www.aciphexoffer.com

If user types https://aciphexoffer.com go to virt aciphexoffer.com

Each virt of course has different VIPs.

Can anyone help me out here with an iRule that will do this or a method to accomplish this?

Thanks in advance,

razorack--
  • when HTTP_REQUEST {
        if {[HTTP::host] starts_with "www."} {
            HTTP::redirect "https://[HTTP::host][HTTP::uri]"
        } else {
            HTTP::redirect "https://www.[HTTP::host][HTTP::uri]"
        }
    }

    This is the iRule I was trying to use yesterday for the first problem. Is there a way to utilize this iRule and tell it which virt to send the traffic to?

    razorack---
  • Do you want both virtual servers to use the same IP address? If so you have a catch-22 as you have to decrypt the traffic *before* an iRule can inspect the HTTP header. The earliest possible event during which you would be able to discern the hostname in the request is CLIENTSSL_HANDSHAKE which is invoked *after* the decryption.

    If you have the two hostnames on different IPs, this is easy and you don't need an iRule at all, just use the appropriate cert on each virtual server.

    I have a customer who has had success with using certificates with subject alternative names to allow a single vip and a single cert to service multiple hostnames, which resolves the very problem you are having.
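
For the single-VIP, single-cert approach mentioned in the last reply, the check below shows which certificate name sets actually cover both hostnames from this thread. It is an added example, not code from any poster or from F5; the matching is a simplified form of RFC 6125, the certificate name lists are constructed, and the wildcard cases go beyond what the thread discusses.

```python
# Added example: hostname-to-certificate matching, simplified from RFC 6125.
# All certificate name lists below are constructed for illustration.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")

def name_matches(pattern, hostname):
    """True if one dNSName entry from a certificate covers hostname.

    A wildcard is honoured only as the entire left-most label and
    stands for exactly one label, so *.example.com covers
    www.example.com but not example.com or a.b.example.com.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.com" is refused.
        return len(p) >= 3 and p[1:] == h[1:]
    return "*" not in pattern and p == h

def uncovered(san_dns_names, served_hostnames):
    """Hostnames a virtual server answers for that the cert cannot cover."""
    return [h for h in served_hostnames
            if not any(name_matches(s, h) for s in san_dns_names)]

# The two names from the thread, both to be served from one VIP.
SERVED = ["www.aciphexoffer.com", "aciphexoffer.com"]

# Constructed certificate name sets (dNSName entries only).
CERTS = {
    "www-only": ["www.aciphexoffer.com"],
    "wildcard-only": ["*.aciphexoffer.com"],
    "san-both": ["www.aciphexoffer.com", "aciphexoffer.com"],
    "wildcard-plus-apex": ["*.aciphexoffer.com", "aciphexoffer.com"],
}

def report():
    """Map each constructed cert label to the served names it misses."""
    return {label: uncovered(names, SERVED) for label, names in CERTS.items()}

if __name__ == "__main__":
    for label, missing in report().items():
        print(f"{label:20s} missing: {missing or 'none'}")
```

A wildcard on its own leaves the bare domain uncovered, which is the same mismatch the original poster hit with the www certificate.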