Forum Discussion

brettbeggs_1177's avatar
brettbeggs_1177
Icon for Nimbostratus rankNimbostratus
Apr 07, 2010

iRule Request - strip sub domains

I'm trying to create an iRule that can be used similar to the following mod rewrite command:     RewriteCond %{HTTP_HOST} ^.+\.(.+)\.mydomain\.com$ [NC]   RewriteRule ^(.*)$ https://%1.mydoma...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Apr 08, 2010
Thanks for the correction on the redirect location protocol. I assumed you were using this rule on an HTTP VIP. As you found it's too late to fix this when the client is making an HTTPS request with a hostname that doesn't match the SSL cert. For HTTPS, LTM needs to decrypt the SSL before viewing the HTTP or sending an HTTP response. In order to decrypt the SSL, LTM needs to send its cert and complete an SSL handshake.

 

 

To fix this, you'd need to correct the client's request before it's made via HTTPS. So if you can add this iRule to an HTTP VIP you could prevent the insecure cert warning for the HTTPS requests. Or if clients are expected to make requests directly via HTTPS to the various hostnames, you could create separate A records to resolve the hostnames to different IP addresses.

 

 

Aaron