Force www to non-www on SSL

conrmahr_335682
Nimbostratus

Can an F5 redirect an https request before the browser handshakes the cert? Having trouble with this iRule for redirecting https://www.domain2.org/folder. It should redirect to https://domain2.org/folder but it doesn't and just fires a certificate error because we don't have but domain.org in our Advantage Cert. Other than that everything works perfectly.

when HTTP_REQUEST { 
       switch [string tolower [HTTP::host]] {
          "www.domain1.org" -
          "example1.org"
          {
            pool pool_prd_443
          }
          "www.domain2.org"
          {
            HTTP::redirect https://domain2.org[HTTP::uri]
          }
          "domain2.org"
          {
            pool pool_prd_8443
          }
       }
}
1 ACCEPTED SOLUTION

A potential solution would be to use SNI (https://devcentral.f5.com/articles/ssl-profiles-part-7-server-name-indication).

As Jie said, the SSL negotiation process occurs before the HTTP event/process. Therefore, whatever the case, you need to terminate SSL before you do something with HTTP.

With SNI, you can terminate SSL for multiple domains (applying multiple client SSL profiles). After that, by using an iRule, you can do whatever you want to do with HTTP.

 


2 REPLIES 2

JG
Cumulonimbus

No, it can't. The HTTP functionality is not available until the network operation on SSL is completed.

 
