For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Curtis_18555's avatar
Curtis_18555
Icon for Nimbostratus rankNimbostratus
Mar 17, 2008

Multiple Host going to one vip

Hello, I am working with a client that has many URL that they want to go to one. I have tried the following and it did not work. Can some one please point me in the right direction on this?

 

 

This should work with or without "www" in front of the URL and get all of the .com, .net & .org

 

if it is one of these URL then redirect it to the https://www.google.com

 

 

when HTTP_REQUEST {

 

if {[HTTP::host] contains "google" or "yahoo" or "ask" or "msn"} {

 

HTTP::redirect https://www.google.com

 

}

 

}

 

 

Thank you for your help.
application delivery
dev
devops
iRules

7 Replies

  • The_Bhattman's avatar
    The_Bhattman
    Icon for Nimbostratus rankNimbostratus
    Mar 17, 2008
    You might want to try using the switch statement (only because it's cleaner to look at, atleast in my mind 😄

    
when HTTP_REQUEST {
     switch -glob [HTTP::host] {
       "*google*" { HTTP::redirect https://www.google.com }
       "*ask*" { HTTP::redirect https://www.google.com }
       "*msn*" { HTTP::redirect https://www.google.com }
     }
}

    more about switches you can go to the following link

    http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=129

    Thanks,

    CB

  • Curtis_18555's avatar
    Curtis_18555
    Icon for Nimbostratus rankNimbostratus
    Mar 18, 2008
    Thank you, This worked great! Now that I have this working I am having a problem with all of these certs going to one. I do have a Redirect/Rewrite HTTP Profile set up on this VIP, But the client still gets Security Alert that “The Name on the security certificate is invalid or does not match the name on the site” Do you have any thoughts on how I can fix this problem? And again thank you for your help.

     

  • Nicolas_Menant's avatar
    Nicolas_Menant
    Icon for Employee rankEmployee
    Mar 18, 2008
    Hi,

     

     

    the common name included in the certificate must match the host that the browser has in the url.

     

     

    is this what you have ?

     

     

    HTH
  • Curtis_18555's avatar
    Curtis_18555
    Icon for Nimbostratus rankNimbostratus
    Mar 19, 2008
    I understand what you are say here, But I am useign this iRUle to rediest 10+ URL's to one, and yes they are all https (443). So I need to find out how not get the Security pop ups and still be redirected. Thanks for your help.
  • Nicolas_Menant's avatar
    Nicolas_Menant
    Icon for Employee rankEmployee
    Mar 19, 2008
    hi,

     

     

    if all your hosts looks like game.someulr.com, test.someurl.com, fun.someurl.com

     

     

    you should try to have a look at wildcard certificates

     

     

    wildcard certificates look like this: *.someurl.com. this way you won't have your popup when you are redirected.

     

     

    if all your redirects are completely different url then it won't be possible.

     

     

    iRules won't be able to help for this
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Mar 19, 2008
    If the hosts aren't on the same domain, you could also try getting a certificate with multiple subject alternate names (SANs). Try searching online or in this forum for some additional info.

     

     

    Aaron
  • The_Bhattman's avatar
    The_Bhattman
    Icon for Nimbostratus rankNimbostratus
    Mar 19, 2008
    Yep, unfortuantly there is no way to intercpet the https request to look for that information before the security alert is presented. You have hit the check and egg with this one. Wildcard is usually the only answer as, nmeanant has stated.

     

     

    /cb