Forum Discussion

Nimbostratus

May 15, 2008

redirects before ssl on an ssl virtual server

I have a developer that has requested a redirect for his SSL protected site. I have tried multiple things with irules and not had any success. The scenario is that we have a site https...

Historic F5 Account

May 16, 2008

I guess this work-around would kind of cheat the whole certificate buying process as you could have multiple domains with a single cert but it's got to be possible to redirect before the SSL handshake.

That's the crux of the issue. If the data is encrypted, you must un-encrypt it before you can do anything else. To un-encrypt it, you must go through the SSL handshake, which is based off of a key, built for a specific host name. It's very much a chicken and egg situation, unfortunately. There's no way to issue an HTTP redirect into a still encrypted data stream, but by the time you decrypt the transaction so you CAN send the redirect, the error will have already occurred if it's going to.

This isn't a BIG-IP or iRules issue, this is something inherent in the protocol.

Colin

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)