ictengineer_124
Nimbostratus
NimbostratusCan you redirect https//domain.com to https://www.domain.com
Is it possible to rediect https://domain.com to https://www.domain.com?
I've searched but couldn't get any answers or suggestion.
Thanks Mark
Forum Discussion
6 Replies
- Kevin_Stewart
Employee
Try this:
when HTTP_REQUEST { if { [string tolower [HTTP::host]] equals "domain.com" } { HTTP::redirect "https://www.domain.com" } }If you need to also preserve the URI in the request, use this instead:
HTTP::redirect "https://www.domain.com[HTTP::uri]"
VasimAltostratus
Some one help provide irule for below
https://routing-schedules-pre.cma-cgm.com/Default.aspx
should be redirected to https://iroute-pre.shipping-noprd.aws.cld.cma-cgm.com
ictengineer_124Thanks Kevin. Will this work on redirecting https as well?
- Kevin_Stewart
As long as you're offloading the SSL on the F5 with a client SSL profile, then yes.
- ictengineer_124
Hi Kevin
We are offloading https://www.domain.com. We are not offloading https://domain.com (just need this to redirect to https://www.domain.com. Can this work?
- Kevin_Stewart
If you cannot see the layer 7 (HTTP) traffic, then you also cannot write to it. So assuming www.domain.com and domain.com resolve to the same IP and F5 VIP, you basically have three options:
-
Apply a wildcard certificate to the client SSL profile - *.domain.com
-
Apply a SAN certificate to the client SSL profile - like a wildcard but specific to a list of server names in the subjectAltName field of the cert.
-
If your clients are all capable of TLS (anyone using an OS/browser later than WinXP/IE6), you can use a TLS extension called SNI, or Server Name Indicator, where the client specifies the server name in its TLS CLIENTHELLO message. You could then create separate client SSL profiles, each with its own certificate, set the server name field in the profile to match the subject name of the certificate, and then apply all to the VIP. The VIP will choose the correct profile based on the client's request.
-
