Forum Discussion

veyond_113181's avatar
veyond_113181
Icon for Nimbostratus rankNimbostratus
Mar 13, 2007

redirect domain.com to https://www.domain.com

I am using a http redirect rule to redirect all http traffic to https. That works fine but the problem I am having is that the SSL cert is only for www.domain.com. The client is very picky and wants domain.com to work as well. So, I have created the following rule:

 

 

when HTTP_REQUEST {

 

if { [HTTP::host] equals "http://domain.com"}{

 

HTTP::redirect "https://www.domain.com[HTTP::uri]"

 

}

 

}

 

 

The problem is I am not sure where to put this. I have added it to the irules for www.domain.com but it doesnt work. When i try to create a new virtual server and point it to the same IP address I get:

 

 

 

01070333:3: Virtual Server domain.com illegally shares both address and vlan with Virtual Server www.domain.com.

 

 

What is the best way to take all domain.com traffic and forward it to www.domain.com?

 

Thanks,

 

Tate

 

 

 

  • The way that I do it is the following:

     

     

    Irule:

     

     

    when HTTP_REQUEST {

     

    HTTP::redirect "https://www.domain.com/"

     

    }

     

     

    I then have two Virtual Servers. One for HTTP(port 80) and one for HTTPS(port 443), both have the same IP address. Then apply the above iRule to the HTTP virtual server, and it works fine.

     

     

    Let me know if you need any clarification.

     

     

    Trevor.
  • The value of HTTP::host does not include the protocol specifier. This should work for you.

    when HTTP_REQUEST {
      if { [HTTP::host] eq "domain.com" } {
        HTTP::redirect "https://www.domain.com[HTTP::uri]"
      }
    }

    The only issue you need to be aware of with redirects is that you don't to get into a infinite loop where you keep redirecting to the same iRule recursively.

    Theoretically it's best practice to create separate virtuals for each port (80 and 443). This will also help avoid recursive redirection.

    -Joe
  • Yes, I have both 80 and 443 set up. This seems to be working perfectly. Thank you for the help