F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

jondyke_46152's avatar
jondyke_46152
Icon for Nimbostratus rankNimbostratus
Jul 15, 2011

https to https redirect to different hostname

I know there are a bunch of redirect irules out there already (I have a few I am already playing with) but I was wandering if how straight forward it would be to do the following:-

 

 

SiteA is a VS that is SSL Offloaded on the F5

 

 

SiteB is a different VS (different hostname) that uses SSL Passthrough (not offloaded)

 

 

 

 

I would like to redirect any traffic that hits to without the user getting any kind of certificate mistmatch error.

 

 

application delivery
dev
devops
iRules

2 Replies

  • Colin_Walker_12's avatar
    Colin_Walker_12
    Historic F5 Account
    Jul 15, 2011
    Hmmm, I'd have to test this as I think your user might get a warning regardless when redirecting away from an SSL site. Not a cert mismatch error, but a warning that the site is sending you elsewhere.

     

     

    It'd be trivial to write the rule. There wouldn't be a cert mismatch as long as they used the correct hostname to access both sites where the certs were decrypted. You'd just use a basic HTTP::redirect and be on your way. The real question is will the browser squawk about leaving the original site?

     

     

    Colin
  • jondyke_46152's avatar
    jondyke_46152
    Icon for Nimbostratus rankNimbostratus
    Aug 02, 2011
    Turns out that is not what they wanted at all. What they wanted was to change the middle of the URL whilst leaving the ending alone.

    So for example:- http://joe.bogs.com/DocumentRenderer.svc/xxxxx/yyyyy/ to http://dave.jones.com/folder/folder/DocumentRenderer.svc/xxxxx/yyyyy/

    Not tested it yet but wandering is this would work? 

    when HTTP_REQUEST { 
  
   Check if path starts with http://centraldatawebpublicdev.assureweb.co.uk/DocumentRenderer.svc
    if { [string tolower [HTTP::path]] starts_with "/DocumentRenderer.svc"}{ 
  
        Replace https://centraldatawebpublicdev.assureweb.co.uk/DocumentRenderer.svc with 
   https://aswmaindev.assureweb.co.uk/UiServices/UiServices.Public/DocumentRenderer.svc in the path 
       HTTP::redirect [string map {https://centraldatawebpublicdev.assureweb.co.uk/DocumentRenderer.svc https://aswmaindev.assureweb.co.uk/UiServices/UiServices.Public/DocumentRenderer.svc} [string tolower [HTTP::path]] ] 
    }
 }

    If this does work then they I am assuming that they are still going to get an issue with https is used as the hostnames are different.