Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

Force www to non-www on SSL

Can an F5 redirect a https request before the browser handshakes the cert? Having trouble with this iRule for redirecting https://www.domain2.org/folder. It should redirect to https://domain2.org/folder but it doesn't and just fires a certificate error because we don't have www.domain2.org but domain.org in our Advantage Cert. Other than that everything works prefect.

when HTTP_REQUEST { 
       switch [string tolower [HTTP::host]] {
          "www.domain1.org" -
          "example1.org"
          {
            pool pool_prd_443
          }
          "www.domain2.org"
          {
            HTTP::redirect https://domain2.org[HTTP::uri]
          }
          "domain2.org"
          {
            pool pool_prd_8443
          }
       }
}
0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Potential solution would be to use SNI (https://devcentral.f5.com/articles/ssl-profiles-part-7-server-name-indication).
As Jie said, SSL negotiation process occurs before HTTP event/process. Therefore whatsoever you need to terminate SSL before you do something with HTTP.
With SNI, you can terminate multiple domain SSL (applying multiple client SSL profiles). After that, by using iRue, you can do whatever you want to do with HTTP.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

No, it can't. The HTTP functionality is not available until the network operation on SSL is completed.

0