Forum Discussion
NimbostratusRewrite http header to https and change the URI same time
I have a need to write an iRule to firstly force connection from a http to https and also change the URL . I have 4 VIP's 1 for www traffic with a simple "https://[HTTP::host][HTTP::uri]" to force to https which takes it to the 443 (VIP2). But now, this url is being switched to a new URL. A connection over http://test1.mydomain.com or https://test1.mydomain.com
I need to force a 30x to the client to go to the new URL https://test2.mydomain.com . So I can write on VIP 1 :- when HTTP_REQUEST { HTTP::redirect "https://[HTTP::host][HTTP::uri]" }
which will force to to https and then on the 443 (VIP2) I will need another iRule to re-direct to new URL such as :- when HTTP_REQUEST {
if { [HTTP::header host] eq "test1.mydomain.com" } {
HTTP::header replace Host "test2.mydomain.com"
}
}
But, will this deal with https://test1.intamac.com re-write to https://test2.intamac.com and the client/browser will not get any client SSL errors certificate not matching ?6 Replies
Thomas_GobetHi Paul,
With this kind of redirections you will have certificates errors.
Solutions you have is to show two SSL certificates or to use a wildcard one.
Geoff_LittlewooWhat do you mean show two SSL certificates ? What certificate errors ? surely I am sending a response back to the browser hence below I am suggesting using a 301 (permanent re-direct)
The SSL certificate is a customers one so I cannot do a wildcard. I was thinking of doing a HTTP::respond 301 location "https://test2.mydomain.net"
- Thomas_Gobet
Sorry I made a mistake, I wanted to tell "to use 2 certificates".
You should use 2 virtual servers, with a specific SSL profile on each.The error you will have is your certificate isn't recognized by a CA (as it's not the good FQDN).
- Geoff_Littlewoo
Thomas, I put in the question, I will have 4 VIPs > The first pair will have 1 listening on 80 and the other on 443. This is in place currently and I have a simple https://[HTTP::host][HTTP::uri] on the 80 VIP forcing the client to come back on https but , the customer is migrating to a new URL and wants to be able to force to the the new URL " test2.mydomain.com" . What I could do was a re-write on VIP 1 to https then on VIP2 re-write to the new URL "test2.mydomain.com" so the client should use the new URL even though they may have bookmarked the orginal URL. But there are a few un-knowns .... and best way to do this. Hence my questions.
- JRahm
Admin
Are you needing rewrites or redirects? I'm not quite sure from reading through the posts. Rewrites will only impact what happens behind the BIG-IP. Redirects will impact what the client sees. Assuming redirects, if both sites have valid certificates, a redirect won't throw ssl errors. Why not redirect from the original port 80 to the new port 443?
port 80 original virtual server when HTTP_REQUEST { HTTP::redirect https://test2.mydomain.com[HTTP::uri] } - Thomas_Gobet
Ok that's perfect, you won't have any issue on certificates uses.
To avoid many redirect, it should be good to redirect your customer directly from the first virtual server, and also on the second one for those who have bookmarked it.
