Forum Discussion

DM_5174's avatar
DM_5174
Icon for Nimbostratus rankNimbostratus
May 10, 2011

HEADER Rewrite without redirect trusted site Pop-up error on Internet Explorer..

Hi All,

We have an issue where one URL shares the same IP address with the other (e.g. URL1=1.1.1.1 and URL2=1.1.1.1). We want to eventually decomission URL1 and have users go in to URL2 but the trusted site pop-up is driving everyone crazy.

Currently we have an I-Rule on the LTM that when users types in http://www.URL1.com, they get redirected

by the i-rule to https://www.URL2.com. This however gives an oop-up error if you're using Internet Explorer

as seen below. You have to click yes or no to continue or add the domain in your trusted site list to avoid

future popups. This needs to be transparent to the users.

The current webpage is trying to open a site in your Trusted sites list. Do you want to allow this?

"Current site: http://www.URL1.com"

"Trusted site: http://www.URL2.com"

    Rewrite Host Header iRule 
    when HTTP_REQUEST { 
        if { [HTTP::host] equals www.URL1.com } {       
         Rewrite host        
        HTTP::header replace Host www.URL2.com        
       
        if nothing matches above, still redirect from HTTP to HTTPS for this session       
       } else { 
       HTTP::redirect "https://[HTTP::host][HTTP::uri]"     
     } 
}

Question: Can we have an i-Rule that rewrites the URL when the users connects from http://www.URL1.com to HTTPS://www.URL2.com transparently for the connected users so it looks like their initial connects seems to come in on http://www.URL2.com so that they do not get the "trusted site pop-up". All sessions after this rewrite should connect as the new .com?

Thanks,

-DM
application delivery
dev
devops
iRules

9 Replies

Sort By
  • Michael_Yates's avatar
    Michael_Yates
    Icon for Nimbostratus rankNimbostratus
    May 10, 2011
    Hi DM,

     

     

    If you are planning on eventually retiring URL1, wouldn't this workaround be temporary and require you to address it eventually?

     

     

    Is this an Internal Website? Can you fix your issue by adding the website to the trusted sites of your domain users with a GPO?
  • DM_5174's avatar
    DM_5174
    Icon for Nimbostratus rankNimbostratus
    May 10, 2011
    Hi Michael,

     

     

    The site is external and it can get resolved if the connecting users adds it to their trusted site, however, we would like to accomplished this so they don't

     

    have to go through this extra step since the connecting users are external. The underlining issue is that the LB is redirecting you to another URL and IE does not

     

    like that therefore it throws an error. We want to somehow rewrite the URL without redirecting the users if possible to avoid this popup error. So if they

     

    put http://www.URL1.com, their brower will get refreshed/reconnected as https://www.URL2.com. Can this be done or do we have to setup a new IP and

     

    VS on the LTM and apply the redirect rule there so they go out and come in as https://www.URL2.com?

     

     

    As a note: URL1 and URL2 uses the same external IP address, so it makes it a little bit more difficult since it goes to the same VS with SSL profile allocated to that VS.

     

     

    Thanks,

     

    -DM
  • DM_5174's avatar
    DM_5174
    Icon for Nimbostratus rankNimbostratus
    May 10, 2011
    I have tried this below and it still does not work. Can anyone help?

    1. Rewrite without Redirecting the incoming URL request from http://www.URL1.com to https://www.URL2.com

    2. After the rewrite, the user will login to the web page, so all request/HTTP post after that goes to the new URL2 link.

    I am still getting the "trusted site" pop-up errors and am wondering if this has something to do with how the redirect works and the

    nature of Internet Explorer.... 

    

when HTTP_REQUEST {       
       Check the host header value (set to lowercase)     
  switch [string tolower [HTTP::host]] {        
   "www.URL1.com" {           
 Replace the Host header   
HTTP::header replace Host "www.URL2.com"   

} else {
      HTTP::redirect "https://[HTTP::host][HTTP::uri]"

      } 
   }
}

  • Michael_Yates's avatar
    Michael_Yates
    Icon for Nimbostratus rankNimbostratus
    May 11, 2011
    Are you getting a Trusted Sites Error or an SSL Certificate Mismatch Error?

     

     

    If both are sharing the same Virtual Server and you are doing an HTTP to HTTPS Redirect you should be getting a Certificate Error since only one SSL Profile can be placed on a Virtual Server.
  • DM_5174's avatar
    DM_5174
    Icon for Nimbostratus rankNimbostratus
    May 11, 2011
    I am getting a "trusted sites" error. How the rule should work is if I go into http://www.URL1.com, it should replace my header and rewrite https://www.URL2.com (this has the SSL profile associated to this URL. It works without pop-up errors if I do not have "*.URL1.com" in my trusted site IE settings.

     

     

  • DM_5174's avatar
    DM_5174
    Icon for Nimbostratus rankNimbostratus
    May 11, 2011
    I am getting a "trusted sites" error. How the rule should work is if I go into http://www.URL1.com, it should replace my header and rewrite https://www.URL2.com (this has the SSL profile associated to this URL. It works without pop-up errors if I do not have "*.URL1.com" in my trusted site IE settings. If I use Firefox, it does not give me the trusted site popup error, only IE.

     

     

  • Michael_Yates's avatar
    Michael_Yates
    Icon for Nimbostratus rankNimbostratus
    May 12, 2011
    I do not have any environments similar to what you are describing, so I am unable to recreate the results that you are having and the functionality that you are describing also does not make sense to me since the iRule you have posted does not have the functionality that you are describing:

     

     

    How the rule should work is if I go into http://www.URL1.com, it should replace my header and rewrite https://www.URL2.com

     

     

    No protocol switching or HTTP to HTTPS Redirect Events are included in the iRule.

     

     

    I'm sorry that I am unable to assist you with your problem, but it has me confused.
  • The_Bhattman's avatar
    The_Bhattman
    Icon for Nimbostratus rankNimbostratus
    May 12, 2011
    Hi DM,

     

    I don't believe the iRule can help you with this because it's a client side processing within Internet Explorer.

     

     

    Here is a link to a website that talks about it

     

     

    http://www.technipages.com/ie8-disable-the-current-web-page-is-trying-to-open-a-site-in-your-trusted-sites-list-do-you-want-to-allow-this-message.html

     

     

    I hope this helps,

     

    Bhattman

     

  • DM_5174's avatar
    DM_5174
    Icon for Nimbostratus rankNimbostratus
    May 12, 2011
    Thanks Guys. I was trying to eliminate the pop-up with an irule somehow but came to the same conclusions that Michael and you did. Even if you rewrite the URL to something else, due to the fact you are coming in on one IP address and back out and in again through the same IP address but with a different domain name, it is the nature of IE to give you the popup if you have that domain already listed in your trusted list. I did not have an issue with FF, but with IE was much more picky.

     

     

    Thanks again guys for your feedback and help.

     

     

    -DM