For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ema's avatar
Ema
Icon for Nimbostratus rankNimbostratus
Aug 23, 2019
Solved

Irule for www removal on https

I would like to remove the www from the url but is having some issues with the code on one of my vip. I currently have 2 vips: 1 is for http redirection to https with that includes the www ...
application delivery
iRules
LTM
  • Enes_Afsin_Al's avatar
    Enes_Afsin_Al
    Aug 29, 2019

    Hi,

    Can you try this iRule in browser's incognito mode?

    when HTTP_REQUEST {
    if {[string tolower [HTTP::host]] starts_with "www."}{
        log local0. "hostname = [HTTP::host]"
        HTTP::redirect "https://[substr [HTTP::host] 4][HTTP::uri]"
    }
}

Enes_Afsin_Al's avatar
Enes_Afsin_Al
Icon for MVP rankMVP
Aug 29, 2019

Hi,

Can you try this iRule in browser's incognito mode?

when HTTP_REQUEST {
    if {[string tolower [HTTP::host]] starts_with "www."}{
        log local0. "hostname = [HTTP::host]"
        HTTP::redirect "https://[substr [HTTP::host] 4][HTTP::uri]"
    }
}

Ema's avatar
Ema
Icon for Nimbostratus rankNimbostratus
Sep 04, 2019

Hi eaa,

 

This is strange that when I apply that iRule I don't see a log entry inside of /val/log/ltm for what I'm expecting hostname = www.abc.company.com. The only thing that I see is that the SSL Handshake failed which mean that for some reason it is skipping this irule. Any ideas as to why? The only thing that is different on this VS is that there is a pool assosiated with this and the other VS doesn't.

 

Thanks

  • David_M's avatar
    David_M
    Icon for Cirrostratus rankCirrostratus
    Sep 04, 2019

    Sounds like the ssl handshake fails because the CN name on the certificate doesn't match once you trim it?

  • Ema's avatar
    Ema
    Icon for Nimbostratus rankNimbostratus
    Sep 04, 2019

    It doesn't seem to execute the iRule that eaa provided me at all because I'm not able to see log entries for the hostname inside of the log. All I see is the SSL Handshake failures.

  • David_M's avatar
    David_M
    Icon for Cirrostratus rankCirrostratus
    Sep 04, 2019
    You see the failures on the ltm log or packet capture?
  • Enes_Afsin_Al's avatar
    Enes_Afsin_Al
    Icon for MVP rankMVP
    Sep 04, 2019

    I think, you're getting a ssl handshake failures due to a multilevel subdomain.

     

    A wildcard inside a name only reflects a single label and the wildcard can only be left most. Thus *.*.example.org or www.*.example.org are not possible. And *.example.org will neither match example.org nor www.subdomain.example.org, only subdomain.example.org

    REF

  • Ema's avatar
    Ema
    Icon for Nimbostratus rankNimbostratus
    Sep 05, 2019

    I'm using a wildcard that is why I wanted to get the iRule to remove the www from the original url.

     

    The problem is now resolved. Here is what is happening. When I go to https://www.abc.company.com I would get the ssl warning potential security risk warning page with the iRule that I applied. I didn't go further and click on accepting the risk and thought the iRule didn't work. I didn't realize that it first have to hit the initial page before the iRule is applied but once I accepted the iRule did what it was supposed to and redirected me to the correct redirect https://abc.company.com.

     

    I want to thank everyone that gave suggestions to this issue and sorry for killing off some of your braincells for my misunderstanding of the sequence of events that need to occur before the iRule would execute.

     

    Thanks