immediate redirect when client attempts to access an HTTPS URL that will be going away

Question

This is probably a silly question but I am going to ask it anyway ...

We have a HTTPS site that we will be retiring in the near future.

We want to redirect clients who attempt to browse to that site to be redirected to the new HTTPS site.

I have done something similar to this in the past; but it has been with HTTP requests using the "when HTTP_REQUEST ..." and "HTTP::redirect ..." syntax.

The wrinkle, this time, is that we do not want to maintain (i.e. pay for) the SSL certificate for the old site.

So, is it possible to send a redirect to a client as soon as it attempts to access an HTTPS URL? Something along the lines of a "when HTTPS_REQUEST ..."?

If not, is there any other way to implement such a redirect?

Any guidance at all will be very much appreciated!

naladar_65658 · Answer

That is a good question.  You would use the when HTTP_REQUEST syntax and use the http::redirect command.  Something like this:

when HTTP_REQUEST {
if { ([string tolower [HTTP::host]] contains "your.websitename.com")} {
HTTP::redirect "https://www.yournewwebsitename.com[HTTP::uri]"
}
}

chris_miller · Answer

Are you basically saying that a user will hit an SSL Virtual Server which has an expired Cert? I'm not sure what you meant by "stop paying for."

robert_pagano_7 · Answer

Chris:
&nbsp;Yes, that is the issue. I should have been more clear. The current SSL certificate is a Verisign cert and the company does not want to pay to renew it (since the site will no longer exist). So, to give the clients some time to adjust to the fact that the site moved from https://www.originalsite.example.com/ to https://www.newsite.example.com/ , I would like the LTM to redirect the clients to the new site as soon as it sees an HTTPS connection to the "originalsite" VIP (i.e. no SSL handshaking, etc.). I just don't know if that is possible. (Whether or not it should be possible is another question, of course. Even if it is do-able, a little voice keeps whispering, "Major security no-no!").
&nbsp;Thank you.

chris_miller · Answer

Robert - since "HTTP::redirect" is limited to events that would have occurred after the SSL handshake has been completed at your expired-cert VIP, I don't really see any options here. If others have ideas, please chime in...

george_watkins_ · Answer

Hi Robert, 
  
 There is no way around a certificate error when it has expired. You also can't redirect from one HTTPS virtual to another without getting a certificate error. When I have ran into this in the past, I usually respond with a small page that explains the circumstances and provides a link to the new site. 
  
 rule new_site_redirect { 
 when HTTP_REQUEST { 
 HTTP::respond 200 content "example.com has moved \ 
   Example.com has moved to its new home at " 
 } 
 } 
  
 I don't know if this is what you were looking for, but it has been a nice work around for me in the past.  
  
 -George

Forum Discussion

immediate redirect when client attempts to access an HTTPS URL that will be going away

8 Replies

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

Anchor Link Redirect

Slowdown of login attempts on APM SSLVPN

url redirect

SSH window closes immediately after login

Find connection attempts via source IP