https://www.a.com/ to https://www.b.com redirect

Question

Is there any way to use an irule to redirect https requests from one url to another in the case of a failure? Added to this is the fact that my ssl certs are on the servers and not on the F5s. I currently do http redirects through a fallback host but this will not work with https.

colin_walker_12 · Answer

Unfortunately this isn't something that can be done due to two things.  &nbsp;
&nbsp;1.)  v4.x of the BIG-IP systems aren't Bi-directional proxies.  This means that the traffic going out from the server to the customer isn't visible to the device.&nbsp;
&nbsp;2.)  Even in BIG-IP v9.x, where the traffic coming from the server to the client would be visible, the SSL would have to be terminated on the BIG-IP so that it could read the packet information to determine whether there was a failure on the webserver.&nbsp;
&nbsp;HTH,
&nbsp;-Colin

chris_stierle_1 · Answer

Colin,&nbsp;
&nbsp;thanks for the response. I'm not sure that I completely understand the issue though. In my case I do not want any connection to reach the server behind the F5. I want a re-direct to be sent from the F5 to the client anytime they try to connect to https://www.a.com.&nbsp;
&nbsp;I believe you are correct in that it won't work but I am trying to understand the reason.&nbsp;
&nbsp;Thanks again.

martin_machacek · Answer

Chris,
if all that you want to achieve is what you've described in your last post (which is a much simpler problem than what you've described in your first post), then the solution is as follows:
- put copy of your private key and certificate for www.a.com on the 
  BIG-IP,
- configure SSL proxy for IP address to which www.a.com resolves,
- configure the proxy to refer to a virtual server,
- configure the virtual server to use a rule with single "redirect to"
  statement.
The configuration may look like this:
rule www.a.com-redirect {
   redirect to "https://www.b.com"
}
virtual 127.1.1.1:80 {
   use rule www.a.com-redirect
}
proxy www.a.com:https {
   target virtual 127.1.1.1:80
   clientssl enable
   clientssl key www.a.com.key
   clientssl cert www.a.com.crt
}
Notes:
- it is actually better to put IP address as virtual and proxy names 
  than DNS names, because if DNS resolutions are not available at the 
  time the machine boots and there is no entry for www.a.com in 
  /etc/hosts the configuration load will fail,
- you can use unofficial self-signed certificate for the proxy, if you 
  don't mind that customers will get browser warnings about untrusted 
  and unverifiable certificate when accessing https://www.a.com.

colin_walker_12 · Answer

As mmac has detailed above, your revised request is definitely possible.  I was under the impression that you wanted to set up something different involving features that weren't available to you.&nbsp;
&nbsp;-Colin

chris_stierle_1 · Answer

mmac and colin,&nbsp;
&nbsp;Thank you both for the explinations and sorry for the confusion. Basically, we have one url that we are no longer going to use and the business unit doesn't want to have to inform people that a new url is available. They just want people that go to the old url to be re-directed. I think it is a bad idea and a waste of resources but I really don't have much of a say at this point.&nbsp;
&nbsp;I figured we could do it if we put the cert on the F5 but I was just wondering if I could do a re-direction without it. My guess was that we could not.&nbsp;
&nbsp;Thanks again for the information.

Forum Discussion

https://www.a.com/ to https://www.b.com redirect

5 Replies

Win Big in Vegas: The iRules Contest is back with $5k on the line at AppWorld 2026

Jürgen - February 2026 Featured Member

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Unable to Forward APM and AFM Logs to AWS CloudWatch Using Telemetry Streaming

which virtual server will be hit?

Questions on device trust

Restore configuration to GTM Sync Group device

BIG IP LTM BEST PRACTICES

Related Content

F5 HTTPS Redirect 2025

(HTTP) Redirection via Arbitrary Host Header

Rewriting Redirects

Anchor Link Redirect

BIG-IP Solutions: Simple URL Redirects