Rewrite HTTPS requests
I have little experience with iRules and am now confronted with the following issue. We would like to keep a public URL in place but use the pool from another public pool. This all runs over HTTPS, meaning certificate issues appear. I need to rewrite because the first request already contains a lot of extra data that would be lost if a redirect is made. Below is the iRule that I am trying to get up and running.

```tcl
# www.first.com rewrite to www.second.com replace certificate first with second
when CLIENT_ACCEPTED {
    log local0. "in CLIENT_ACCEPTED []"
    SSL::profile
}
when HTTP_REQUEST {
    log local0. "host in is [HTTP::header "Host"]"
    log local0. "location in is [HTTP::uri]"
    SSL::renegotiate
    HTTP::header replace "Host" "www.second.com"
    HTTP::uri "/dir1/dir2[HTTP::uri]"
    log local0. "host out is [HTTP::host]"
    log local0. "path out is [HTTP::path]"
    pool www-second-com-https
}
```
3 Replies
- StephanManthey
Nacreous
Hi Willy,
If the client connects to "www.first.com", it expects a server certificate with this common name. This will also be the value of the host header the client sends. You can use the command "HTTP::header replace" to replace the host header on the fly to make sure your server receives the expected one:

```tcl
HTTP::header replace Host "www.second.com"
```

It will also be possible to use the "HTTP::uri" command to replace the URI on the fly.

If your server's response contains references to "www.second.com", it will be necessary to rewrite them or leave them as they are. From my perspective there is no need to renegotiate the SSL connection. In case your client now sends requests for "www.second.com", you can use a second virtual server with another client-ssl profile or, in case your clients can use SNI (server name indication), a second client-ssl profile on your virtual server will provide the expected server certificate if the client initiates a new SSL connection.

Thanks, Stephan

- Willy
Nimbostratus
Hi Stephan,
Your reply made me think everything over again, especially the part on SSL. Since the initial concept was with a redirection, the serverssl was not configured. After doing this, everything worked fine. Below is the part that does the trick:

```tcl
# www.first.com rewrite to www.second.com/dir1/dir2
when HTTP_REQUEST {
    HTTP::header replace "Host" "www.second.com"
    HTTP::uri "/dir1/dir2[HTTP::uri]"
    pool www.second.com
}
```

Many thanks, Willy
- StephanManthey
Nacreous
Hi Willy, thanks for the feedback! :) Best regards, Stephan
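
The following iRule is an added example, not code posted by either participant. It combines the working request rewrite with the response-side rewrite Stephan mentions, so that redirects naming "www.second.com" do not send the client to a host whose certificate it was never offered. It assumes the virtual server has a client-ssl profile holding the www.first.com certificate and a server-ssl profile for the pool; the `rewritten` variable is a hypothetical name.

```tcl
# Added example. Host names, the /dir1/dir2 prefix and the pool name come from
# the posts above; the "rewritten" flag is a hypothetical helper variable.
when HTTP_REQUEST {
    set rewritten 0
    # Strip an optional :port and compare case-insensitively.
    set host [string tolower [getfield [HTTP::host] ":" 1]]
    if { $host eq "www.first.com" } {
        # The client keeps its TLS session with the www.first.com certificate;
        # only the request forwarded to the pool carries the new Host and path.
        HTTP::header replace "Host" "www.second.com"
        HTTP::uri "/dir1/dir2[HTTP::uri]"
        pool www.second.com
        set rewritten 1
    }
}

when HTTP_RESPONSE {
    # Only touch responses to requests that were rewritten above.
    if { $rewritten && [HTTP::header exists "Location"] } {
        set loc [HTTP::header value "Location"]
        # Longest pattern first: string map applies the first pair that matches.
        set new [string map [list \
            "https://www.second.com/dir1/dir2" "https://www.first.com" \
            "https://www.second.com"           "https://www.first.com"] $loc]
        if { $new ne $loc } {
            HTTP::header replace "Location" $new
            log local0. "Location rewritten from $loc to $new"
        }
    }
}
```

Absolute links inside response bodies are not covered by this header rewrite; those would need a stream profile or would stay as they are, as noted in the first reply.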