GeorgeA_32263
Feb 21, 2014

irule prepend www to https request

I am using the irule below for an external virtual https site. The objective is to check for client https requests where the user leaves out the www. I am testing with IE, Firefox, and Chrome browsers. The results are inconsistent. When I make the first client attempt to browse to https://test.mydomain.com, I would get the typical cert error page using IE for example. Checking the irule stats, I can see the irule never processed (reset the stats before each attempt). I would click through the warning and the irule would process and the cert works successfully. If I use the same browser that day or the next and go to https://test.mydomain.com, the irule processes, the cert works and all is good. I am thinking something is getting cached, do you have any idea what would cause this? I am clearing the cache on the browser each time before I try again. On the first attempt, IE returns the cert error page, the irule is not processed. Is this because the SSL client profile is accessed before the irule? The SSL profile is expecting www.test.mydomain.com (cert is www.test.mydomain.com) and the cert fails when it sees test.mydomain.com.

 

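when HTTP_REQUEST {
    log local0. "[IP::client_addr]:[TCP::client_port]: [HTTP::method] to [HTTP::host][HTTP::uri]"
    # Compare the lower-cased Host header against glob patterns.
    switch -glob [string tolower [HTTP::host]] {
        "www.*" {
            # Host already starts with www.; leave the request alone.
            log local0. "Doing nothing."
        }
        {[a-z]*} {
            # Any other host starting with a letter: redirect to the www. name.
            HTTP::redirect "https://www.[HTTP::host][HTTP::uri]"
            log local0. "Redirecting non-www host to www.[HTTP::host][HTTP::uri]"
        }
    }
}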

 

2 Replies

  • Hi, SSL client processing takes place before HTTP_REQUEST is fired (as until SSL is complete, TMM cannot read the request details).

     

    The browsers do all behave slightly differently (and between versions), but in general when you click OK in the browser to view the page you are essentially caching that cert for the mismatching domain for the duration of the browser session - I don't think that clearing cache removes it - you need to close either that window or all windows to get rid of the caching.

     

    If you need your site to perform a redirect from https://test.mydomain.com to https://www.test.mydomain.com then you will need to include the test.mydomain.com FQDN as a Subject Alternative Name in your certificate, otherwise users will get the cert error.

     

    • GeorgeA_32263
      IheartF5: I greatly appreciate your explanation. Now things make sense. Thank you.
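
The reply above explains that the certificate is checked during the TLS handshake, before HTTP_REQUEST fires, so the redirect only helps when the certificate already covers the bare hostname. As an added example (not code from the thread; the SAN lists are constructed and the matching is a simplified RFC 6125 dNSName check, not any browser's exact logic), this models which requests ever reach the iRule:

```python
# Added example: models the order "certificate check, then iRule redirect".
# All hostnames and SAN lists are constructed for illustration.

def san_matches(hostname, san):
    """True if one dNSName SAN entry covers hostname (simplified RFC 6125)."""
    host = hostname.lower().rstrip(".").split(".")
    pat = san.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # Wildcard only as the whole left-most label, covering exactly one
        # label; require two more labels so "*.com" never matches.
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat


def cert_covers(hostname, sans):
    return any(san_matches(hostname, s) for s in sans)


def redirect_outcome(requested_host, sans):
    """Client experience on a virtual server whose iRule redirects to www."""
    host = requested_host.lower()
    # Step 1: TLS handshake. A name mismatch stops here; no iRule HTTP event runs.
    if not cert_covers(host, sans):
        return "cert error before HTTP_REQUEST"
    # Step 2: HTTP_REQUEST fires; hosts already starting with www. are served.
    if host.startswith("www."):
        return "served"
    # Step 3: the redirect target starts a new handshake and is checked again.
    target = "www." + host
    if not cert_covers(target, sans):
        return "redirected, then cert error on " + target
    return "redirected to " + target


if __name__ == "__main__":
    cases = {
        "CN-only cert": ["www.test.mydomain.com"],
        "cert with both SANs": ["www.test.mydomain.com", "test.mydomain.com"],
        "wildcard cert": ["*.mydomain.com"],
    }
    for label, sans in cases.items():
        print(label, "->", redirect_outcome("test.mydomain.com", sans))
```

The wildcard case shows that `*.mydomain.com` covers `test.mydomain.com` but not the redirect target `www.test.mydomain.com`, because a wildcard spans a single label.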