Forum Discussion
Archie_128388
Nimbostratus
NimbostratusHTTPS rewrite to HTTP.
Hi Everyone,
Yes, you read that right, I want to change HTTPS bound traffic to HTTP and was wondering if this can be done via an iRule?
I have seen lots of threads for HTTP to HTTPS, but not the...
rob_carr
Cirrostratus
CirrostratusYou can do this, but the F5 won't have the correct certificate for the site the client(s) are trying to reach, and this will cause browser warnings and in some cases, the browser will refuse to go to the site. For users that push through the warnings, you could then return a redirect to the original host via HTTP using the iRule/HTTP Class/Local Traffic Filter mechanisms described on DevCentral.
If you don't want the browser warnings and if you control the endpoints, you could create a root certificate, push that out to all browser caches, and then use said root certificate to sign a wildcard certificate that you use to handle all client SSL sessions. Since the signing certificate is in the browser cache, no warnings, then you send the redirect.
Keep in mind that the solution I am describing is very indiscriminate - it's going to affect every SSL connection attempt. When the CTO sees that their online banking traffic is affected, they might make you rip it all out.
Hope this helps.