Forum Discussion
Irule for www removal on https
- Aug 29, 2019
Hi,
Can you try this iRule in browser's incognito mode?
when HTTP_REQUEST { if {[string tolower [HTTP::host]] starts_with "www."}{ log local0. "hostname = [HTTP::host]" HTTP::redirect "https://[substr [HTTP::host] 4][HTTP::uri]" } }
Hi,
Can you try this iRule in browser's incognito mode?
when HTTP_REQUEST {
if {[string tolower [HTTP::host]] starts_with "www."}{
log local0. "hostname = [HTTP::host]"
HTTP::redirect "https://[substr [HTTP::host] 4][HTTP::uri]"
}
}
Hi eaa,
This is strange that when I apply that iRule I don't see a log entry inside of /val/log/ltm for what I'm expecting hostname = www.abc.company.com. The only thing that I see is that the SSL Handshake failed which mean that for some reason it is skipping this irule. Any ideas as to why? The only thing that is different on this VS is that there is a pool assosiated with this and the other VS doesn't.
Thanks
- David_MSep 04, 2019Cirrostratus
Sounds like the ssl handshake fails because the CN name on the certificate doesn't match once you trim it?
- EmaSep 04, 2019Nimbostratus
It doesn't seem to execute the iRule that eaa provided me at all because I'm not able to see log entries for the hostname inside of the log. All I see is the SSL Handshake failures.
- David_MSep 04, 2019CirrostratusYou see the failures on the ltm log or packet capture?
- Sep 04, 2019
I think, you're getting a ssl handshake failures due to a multilevel subdomain.
A wildcard inside a name only reflects a single label and the wildcard can only be left most. Thus *.*.example.org or www.*.example.org are not possible. And *.example.org will neither match example.org nor www.subdomain.example.org, only subdomain.example.org
- EmaSep 05, 2019Nimbostratus
I'm using a wildcard that is why I wanted to get the iRule to remove the www from the original url.
The problem is now resolved. Here is what is happening. When I go to https://www.abc.company.com I would get the ssl warning potential security risk warning page with the iRule that I applied. I didn't go further and click on accepting the risk and thought the iRule didn't work. I didn't realize that it first have to hit the initial page before the iRule is applied but once I accepted the iRule did what it was supposed to and redirected me to the correct redirect https://abc.company.com.
I want to thank everyone that gave suggestions to this issue and sorry for killing off some of your braincells for my misunderstanding of the sequence of events that need to occur before the iRule would execute.
Thanks
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com