add www to a https host

Question

One of our customers uses a certificate for his website. The certificate is assigned to https://www.customer.com. 
&nbsp;  
&nbsp; So when somebody types https://customer.com as the URL, they get a certificate error. I need to change the HTTPS request from https://customer.com to https://www.customer.com. 
&nbsp;  
&nbsp; This is probably done by a simple irule, but I am not able to find a solution to this. I have also searched this forum after something that could help me on the way, but nothing so far.  
&nbsp;  
&nbsp; Can anyone please help? 
&nbsp;  
&nbsp; Thanks.

joe_pruitt · Answer

That's actually very simple to do.  Apply this iRule to their Virtual server and they should be all set.  
  when HTTP_REQUEST {  
   if { !([string tolower [HTTP::host]] starts_with "www.") } {  
     HTTP::redirect http://www.[HTTP::host][HTTP::uri]"  
   }  
 }  
 This will essentially check the value of the Host header and if it doesn't start with "www." it will issue a HTTP redirect to the client browser with www. added to the beginning of the URI.  
 If the customer doesn't want to do this for all requests, but only for the single domain "customer.com", you could do something like this:  
  when HTTP_REQUEST {  
   if { [string tolower [HTTP::host]] eq "customer.com" } {  
     HTTP::redirect "http://www.customer.com[HTTP::uri]"  
   }  
 } 
 Hope this helps...  
 -Joe

the_bhattman · Answer

I wanted to add the SSL handshake will occurbefore any iRule is processed, which means that the customer's clients will receive cert err before the redirection occurs.  This is more or less a limitation of SSL Traffic. 
&nbsp;  
&nbsp; thanks, 
&nbsp; CB 
&nbsp;  
&nbsp;  &nbsp;

hooleylist · Answer

If you're able to redirect the HTTP request from http://customer.com to https://www.customer.com, then you'll avoid the mismatched cert warning.  Else, you might be able to get a UCC SSL certificate which is valid for customer.com and www.customer.com.  In that case, you wouldn't need an iRule.  
&nbsp;    
&nbsp;  Aaron

geir_sandbu_342 · Answer

Thanks for the quick replies folks. 
&nbsp;  
&nbsp; But unfortunately it won't work. I tried to implement both the irule examples above. But coudn't get to the website. 
&nbsp; When I turn off the irule and the http profile, it works, but with the certificate error of course. When I try to add the irule without the http profile I get this message:"HTTP_REQUEST event in rule (test2) requires an associated HTTP or FASTHTTP profile on the virtual server" 
&nbsp;  
&nbsp; Any suggestions? 
&nbsp;  
&nbsp; Thanks

hooleylist · Answer

In order to parse, inspect or modify the HTTP content in an HTTPS request, you'll need to decrypt the SSL using a client SSL profile.  If you want to use native HTTP:: iRule commands, you'll need to add an HTTP profile.  See my last post on two possible solutions for avoiding the cert mismatch error. 
&nbsp;  
&nbsp; Aaron

Forum Discussion

add www to a https host

5 Replies

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

APM policy based on HTTP host header

DESTINATION HOST UNREACHABLE

TMSH command to add irule

Command to console into vcmp guest from host?

vCMP host and compatible guest version