Force www to non-www on SSL

Question

Can an F5 redirect a https request before the browser handshakes the cert? Having trouble with this iRule for redirecting https://www.domain2.org/folder. It should redirect to https://domain2.org/folder but it doesn't and just fires a certificate error because we don't have  but domain.org in our Advantage Cert. Other than that everything works prefect.
when HTTP_REQUEST { 
       switch [string tolower [HTTP::host]] {
          "www.domain1.org" -
          "example1.org"
          {
            pool pool_prd_443
          }
          "www.domain2.org"
          {
            HTTP::redirect https://domain2.org[HTTP::uri]
          }
          "domain2.org"
          {
            pool pool_prd_8443
          }
       }
}

f5_digger_13600 · Accepted Answer

Potential solution would be to use SNI (https://devcentral.f5.com/articles/ssl-profiles-part-7-server-name-indication).
&nbsp; As Jie said, SSL negotiation process occurs before HTTP event/process. Therefore whatsoever you need to terminate SSL before you do something with HTTP.&nbsp;
With SNI, you can terminate multiple domain SSL (applying multiple client SSL profiles). After that, by using iRue, you can do whatever you want to do with HTTP.&nbsp;

jg · Answer

No, it can't. The HTTP functionality is not available until the network operation on SSL is completed.&nbsp;

Forum Discussion

Force www to non-www on SSL

2 Replies

Recent Discussions

SMS server with BIGIP

F5 terminal - help to run commands - disk space full

Can iRule be used to perform exception of IPI category based on Geolocation

[ASM] - what is "Browser Challange file" ?

LDAPS and renegotiation

Related Content

Set your Preferred Domain (www or non-www)

Generic irule to redirect www to non-www

What are You a Force For?

https non www redirect

Brute Force protection for single parameter like OTP