For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Tariq_Akram's avatar
Tariq_Akram
Icon for Nimbostratus rankNimbostratus
Aug 30, 2016

To redirect https to http

How to redirect if somebody key in manually the https://www.test.com instead of http://www.test.com? The page will show certificate error if we key in https. How the iRules will be?   Thank you in...
application delivery
BIG-IP
LTM
Henrik_S's avatar
Henrik_S
Icon for Nimbostratus rankNimbostratus
Aug 30, 2016

This is related to how the SSL connection is established and how the browser is supposed to present the user with a warning if he connects to a server that presents a certificate that doesn't contain the www.test.com FQDN in either common name or subject alternate name fields.

So to clearify:

  • You will need a certificate which includes www.test.com or *.test.com in either common name or subject alternate name. This certificate must again be signed by a CA that the clients browsers trust.
  • You will need to create a custom clientssl profile that uses the above certificate

  • You will need to create a custom iRule:

    when HTTP_REQUEST {

    HTTP::redirect http://[getfield [HTTP::host] ":" 1][HTTP::uri] }

  • You will need to create a virtual server that listens on the same VIP as the one you use for the normal HTTP virtual server. On this you will need to bind a HTTP profile and the above mentioned iRule.

While I was typing my reply, you updated your question. So, in that case, you need to have two certificates or a SAN certificate that covers both www.test.com and www.testonline.com and bind both two your HTTPS VS.

For the iRule, the correct syntax would then be:

when HTTP_REQUEST {
     if {[string tolower [HTTP::host]] equals "www.test.com" {
            HTTP::redirect http://[getfield [HTTP::host] ":" 1][HTTP::uri]
    }
}