Forum Discussion
Stealth redirection of HTTPS
Hi Guys!
I would like to ask if stealth redirection of a website is possible in HTTPS, for example:
http://f5.com/ss to https://f5.com/a
I will be able to view the content of https://f5.com/a, but what I see in my address bar is http://f5.com/ss.
We can do stealth redirection with HTTP, however I'm not quite sure about HTTPS?
Thanks!
2 Replies
- IanB
Employee
What you're trying to do is exactly what the chain of trust that SSL uses to verify a website was designed to prevent.
I'm simplifying slightly, but when a certificate is issued for a website, it is signed by a trusted authority. That authority is deemed to be trusted because their root certificates are implicitly trusted by the browser. Geotrust, Digitrust, etc. all have certificates that are pre-installed on every current operating system. In other words, when the website's certificate says it is valid for *.f5.com, that statement is signed by a chain of certificates that ends in one that the browser implicitly trusts.
Having said that, if you control the clients and have installed your certificate on them and told them to trust it as root CA, then you can set up a scenario where the BigIP is able to substitute the real website's certificate with one that it generated and signed on the fly, and the client will trust it because it trusts the signer.
We have a document which explains in more detail how it works, and how to configure it. If you're interested, please take a look at our SSL intercept deployment guide.
Note that if you were to deploy this without the trusted root certificate on the client, then any browser being directed through the service would alert the user that every https:// site's certificate could not be validated.
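The trust relationship Ian describes can be reproduced offline with the `openssl` CLI. This is an added example, not part of the original posts and not BIG-IP configuration; the CA names and the host `www.example.test` are constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo: a private root signs a leaf for a site name; the leaf
# validates only for a client that has that root in its trust store.
set -eu
DEMO_HOST=www.example.test   # made-up site name

make_pki() {  # $1 = empty working directory
  local d=$1
  # Minimal config so the roots are explicitly marked as CAs on any OpenSSL build.
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' 'prompt=no' \
    '[dn]' 'CN=placeholder' '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$d/ca.cnf"
  # Root the intercepting proxy signs with (the one you would install on clients).
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
    -subj "/CN=Demo Intercept CA" -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  # Unrelated root, standing in for a client that never installed the proxy's CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
    -subj "/CN=Unrelated Root" -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
  # Leaf generated for the site and signed by the proxy's root.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj "/CN=$DEMO_HOST" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$DEMO_HOST" > "$d/san.cnf"
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -extfile "$d/san.cnf" -out "$d/leaf.pem" 2>/dev/null
}

trusts() {  # $1 = trust anchor PEM, $2 = leaf PEM; status 0 only if the chain validates
  openssl verify -CAfile "$1" -verify_hostname "$DEMO_HOST" "$2" >/dev/null 2>&1
}

demo() {
  local d; d=$(mktemp -d)
  make_pki "$d"
  if trusts "$d/ca.pem" "$d/leaf.pem"; then echo "client with proxy root: leaf accepted"; fi
  if ! trusts "$d/other.pem" "$d/leaf.pem"; then echo "client without proxy root: leaf rejected"; fi
  rm -rf "$d"
}
demo
```

The second case is the browser warning described in the note above: the signature on the leaf is fine, but it chains to a root the client does not trust.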
Hi Cathy,
after Ian's answer, I'm somewhat unsure if you need the stealth redirect in a forward proxy (aka. a browser accesses the internet) or a reverse proxy scenario (aka. the internet accesses your web servers).
If you need the stealth redirect in a forward proxy scenario, then Ian's answer would be the solution.
But if you need the silent redirect in a reverse proxy scenario, then you have to configure SSL-Termination of your Virtual:443, by assigning a Client- and Server-SSL-Profile. In this case the F5 can terminate and inspect the HTTPS request and then perform any kind of content manipulation.
Cheers, Kai
