For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Wayne_159516's avatar
Wayne_159516
Icon for Nimbostratus rankNimbostratus
Jun 03, 2014
Solved

Redirect or Append URI with a new path /newpath, for a https website.

What is the best way to handle an https site that requires authentications, but would like the F5 to append or redirect traffic to a new path?   https://exam.mycomp.com/ to https://exam.mycomp.com...
application delivery
devops
iRules
LTM
  • Cory_50405's avatar
    Cory_50405
    Jun 04, 2014

    You should be able to use the same iRule on your 443 virtual server as long as you apply a client SSL profile. If your servers on the back end are expecting SSL, then yes you will need to apply a server SSL profile as well. The standard serverssl profile will do in most cases unless the server is doing some kind of certificate based authentication.

     

Wayne_159516's avatar
Wayne_159516
Icon for Nimbostratus rankNimbostratus
Jun 04, 2014

when HTTP_REQUEST {

 

if {[HTTP::host] eq "vanityname" || [HTTP::host] eq "vanityname.mycomp.com" } {

 

HTTP::redirect "https://exam.mycomp.com/newpath/"

 

} }

 

So I confirmed this works on port80/http.

 

Unfortunately, I need to get this working on port443/https on the virtual server and the backend nodes in the pool.

 

I know I probably need a client ssl profile, but do I need a server ssl profile for the backend nodes listening on 443?

 

Does the client ssl profile use the same certificate as the server ssl profile? Should the certificate be for the vanityname or the actual name?