For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

joelvs_45274's avatar
joelvs_45274
Icon for Nimbostratus rankNimbostratus
May 16, 2008

redirects before ssl on an ssl virtual server

I have a developer that has requested a redirect for his SSL protected site. I have tried multiple things with irules and not had any success.     The scenario is that we have a site https...
application delivery
dev
devops
iRules
Colin_Walker_12's avatar
Colin_Walker_12
Historic F5 Account
May 16, 2008

I guess this work-around would kind of cheat the whole certificate buying process as you could have multiple domains with a single cert but it's got to be possible to redirect before the SSL handshake.

 

 

 

That's the crux of the issue. If the data is encrypted, you must un-encrypt it before you can do anything else. To un-encrypt it, you must go through the SSL handshake, which is based off of a key, built for a specific host name. It's very much a chicken and egg situation, unfortunately. There's no way to issue an HTTP redirect into a still encrypted data stream, but by the time you decrypt the transaction so you CAN send the redirect, the error will have already occurred if it's going to.

 

 

This isn't a BIG-IP or iRules issue, this is something inherent in the protocol.

 

 

Colin