Forum Discussion

Mike_Devlin_108's avatar
Mike_Devlin_108
Icon for Nimbostratus rankNimbostratus
Mar 03, 2010

Striping www from the URL

Hello,

 

 

I guess I'll start by explaining the desired result. The virtual server will be listening on port 443, and will have an SSL certificate of *.company.com. Given that a wildcard SSL cert will only terminate back one level (based on RFC2818), I need to be able to re-write or re-direct the following:

 

 

https://www.customer1.company.com to https://customer1.company.com before SSL termination takes place. The idea is that the customer will not be presented with the SSL mismatch error.

 

 

So now, i ask, can i do that? and if so, how?

 

 

I was thinking something like, but i don't know if it will work, or the correct syntax:

 

 

when HTTP_REQUEST {

 

if {[HTTP::host] starts_with "www."} {

 

variable = everything_after_www.

 

redirect to "https://variable[HTTP::uri]"

 

}

 

}

 

 

Thanks in advance.

 

application delivery
dev
devops
iRules

3 Replies

Sort By
  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Mar 03, 2010
    I'm not sure if IE still behaves this way, but last I heard is it expects the asterisk in the leading position, so you'll still get a warning for www.customer1.company.com for a *.company.com wildcard cert. My understanding is firefox will do this just fine.

     

     

    BTW, ssl termination has to take place before the host is evaluated.
  • Mike_Devlin_108's avatar
    Mike_Devlin_108
    Icon for Nimbostratus rankNimbostratus
    Mar 03, 2010
    Newest version of Firefox was apparently brought up to comply with the RFC.

     

     

    Thanks anyways.
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Mar 04, 2010
    You could change DNS records so that the other FQDN's resolve to separate addresses and then install valid certs on VIPs on those IP's. Maybe it's not as consolidated a solution as doing everything on one VIP, but it eliminates the mismatched cert warnings.

     

     

    Aaron