Forum Discussion

Suresh_89060's avatar
Suresh_89060
Icon for Nimbostratus rankNimbostratus
Dec 29, 2011

IRule to remove www. from Host

My domain is example.com and uses for web service both https/http Certificate has taken for CN example.com.Then If HTTPS, my cert is only valid for example.com and when client requests www.example.com gives a cert mismatch warning. So i use this irule for redirection. HTTP when HTTP_REQUEST { if {[string tolower [HTTP::host]] starts_with "www."}{ HTTP::redirect "http://[string range [HTTP::host] 4 end][HTTP::uri]" } } HTTPS when HTTP_REQUEST { if {[string tolower [HTTP::host]] starts_with "www."}{ HTTP::redirect "https://[string range [HTTP::host] 4 end][HTTP::uri]" } } But this works for http.But didn't work for https .Whats wrong behind this?
  • But didn't work for https .Whats wrong behind this?it is an expected behavior since SSL handshake has to be done before triggering HTTP_REQUEST event.
  • Arie's avatar
    Arie
    Icon for Altostratus rankAltostratus
    The only way to make this work is to either get another cert (for www.domain.com) or to use a wildcard cert (*.domain.com).
  • One option would be to change the DNS so that example.com and www.example.com resolve to separate IP addresses. You could then use one cert for each separate domain and redirect as you want after the SSL decryption has completed. Or you could get a single SAN cert valid for both example.com and www.example.com and use a single IP address.

     

     

    Note that a *.example.com wildcard cert will not be valid for example.com.

     

     

    Aaron