Forum Discussion

Jacob_Becker_41's avatar
Jacob_Becker_41
Icon for Nimbostratus rankNimbostratus
Jun 21, 2006

https redirect

I'm trying to do a irule that will account for the following situation. If a person goes to https://felixlive.com I want it to redirect to https://www.felixlive.com. I've tried the following rules. 

  when HTTP_REQUEST {
log local0. "Host: [HTTP::host], URI: [HTTP::uri]"
if { [HTTP::host] starts_with "felixlive.com" } {
   log local0.  "host matched felixlive.com"
   HTTP::redirect "https://www.felixlive.com"
}
}

 when HTTP_REQUEST {
if {[HTTP::host] equals "https://felixlive.com" } {
HTTP::redirect https://www.felixlive.com
}
}

But with each attempt I'm getting a certificate problem, not to the redirect isn't working correctly. Is there something special I need to do when doing a https redirect?
application delivery
dev
devops
iRules
  • Deb_Allen_18's avatar
    Deb_Allen_18
    Historic F5 Account
    Jun 21, 2006
    The first rule should work. (The second should also work if you removed the "https://" from the HTTP::host comparison -- the host is simply the hostname portion of the URL.)

     

     

    It sounds like you're getting the redirect, so the rule is working as expected, but you're getting an error because the cert name doesn't match. Unless you have a wildcard cert, that's going to happen -- a cert is specific to an FQDN, and if there is a different Host: header, most browsers will warn the user that the cert is not the one for the site being accessed.
  • Jacob_Becker_41's avatar
    Jacob_Becker_41
    Icon for Nimbostratus rankNimbostratus
    Jun 21, 2006
    So couple of things I want to make sure I understand correctly. With this rule I want to catch people trying to going to https. With that said I'm assuming that the rule needs to be applied to the ssl web pool that I have sent up. So when I tried the following rule

     when HTTP_REQUEST {
if {[HTTP::host] equals "felixlive.com" } {
HTTP::redirect https://www.felixlive.com/
}
}

    I received a redirect problem from my browser. My question is I also have a rule setup on the regular web pool (port 80 traffic) which is the following: 

     when HTTP_REQUEST {
log local0. "Host: [HTTP::host], URI: [HTTP::uri]"
if { [HTTP::host] starts_with "felixlive.com" } {
   log local0.  "host matched felixlive.com"
   HTTP::redirect "https://www.felixlive.com"
} elseif { [HTTP::host] starts_with "www.felixlive.com" } {
   log local0. "host matched www.felixlive.com"
   HTTP::redirect "https://www.felixlive.com"
} else {
HTTP::redirect https://[HTTP::host][HTTP::uri]
}
}

    Am I getting the redirect problem from this chunk in second rule

    if { [HTTP::host] starts_with "felixlive.com" } {
   log local0.  "host matched felixlive.com"
   HTTP::redirect "https://www.felixlive.com"

    or is there something else that I'm missing?
  • Jacob_Becker_41's avatar
    Jacob_Becker_41
    Icon for Nimbostratus rankNimbostratus
    Jun 21, 2006
    Actually the more I'm digging through this the more I'm realizing that it is a problem with how the cert is setup. Thanks!!!
  • Deb_Allen_18's avatar
    Deb_Allen_18
    Historic F5 Account
    Jun 21, 2006
    If by "redirect problem from my browser" you mean the cert warning, and the cert is for www.felixlive.com, then yes, that is the problem for the rule applied to the HTTPS virtual.

     

  • Jacob_Becker_41's avatar
    Jacob_Becker_41
    Icon for Nimbostratus rankNimbostratus
    Jun 21, 2006
    Actually I got that error from I'm assuming apache. With that rule applied in parallel with the other rule it would halt my ability to get to the website at all when I entered in the web address https://felixlive.com . Thats why I was wondering if I had a conflict with the other rule perhaps.