Forum Discussion

rkrenzis's avatar
rkrenzis
Icon for Nimbostratus rankNimbostratus
Apr 18, 2014

HTTPS: Remove www. from hostname

This code appears to work for our HTTP (plain-text sites):

 

when HTTP_REQUEST {

    Check if the host starts with www.
      if {([string tolower [HTTP::host]] starts_with "www.")} { 
          HTTP::header replace Host "[string range [HTTP::host] 4 end]"
   }

}

It does not work when applied to a HTTPS enabled VIP. Is there something else I need to do to when using HTTPS?

 

What is needs to happen: Global rule which will look for any string which begins with "www." and remove it. What is expected: www.site1.com becomes site1.com; www.site2.com becomes site2.com

 

application delivery
devops
iRules
LTM

6 Replies

Sort By
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Apr 18, 2014

    It does not work when applied to a HTTPS enabled VIP. Is there something else I need to do to when using HTTPS?

     

    what does the not-working mean? is connection reset?

     

    by the way, you know HTTP::header does not change display url in browser, don't you?

     

    • rkrenzis's avatar
      rkrenzis
      Icon for Nimbostratus rankNimbostratus
      Apr 18, 2014
      1) www. is not explicitly removed from the display URL in the browser when the session is HTTPS. 2) HTTP::header replace Host is functional with HTTP, not HTTPS.
  • nitass_89166's avatar
    nitass_89166
    Icon for Noctilucent rankNoctilucent
    Apr 18, 2014

    It does not work when applied to a HTTPS enabled VIP. Is there something else I need to do to when using HTTPS?

     

    what does the not-working mean? is connection reset?

     

    by the way, you know HTTP::header does not change display url in browser, don't you?

     

    • rkrenzis's avatar
      rkrenzis
      Icon for Nimbostratus rankNimbostratus
      Apr 18, 2014
      1) www. is not explicitly removed from the display URL in the browser when the session is HTTPS. 2) HTTP::header replace Host is functional with HTTP, not HTTPS.
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Apr 18, 2014

    www. is not explicitly removed from the display URL in the browser when the session is HTTPS

    if you want to change display url, i think you have to use HTTP::redirect rather than HTTP::header.

     config

[root@ve11a:Active:In Sync] config  tmsh list ltm virtual bar
ltm virtual bar {
    destination 172.28.24.10:443
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        clientssl {
            context clientside
        }
        http { }
        tcp { }
    }
    rules {
        qux
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 4
}
[root@ve11a:Active:In Sync] config  tmsh list ltm rule qux
ltm rule qux {
    when HTTP_REQUEST {
  if {([string tolower [HTTP::host]] starts_with "www.")} {
    HTTP::redirect "https://[string range [HTTP::host] 4 end][HTTP::uri]"
  }
}
}

 test

[root@ve11a:Active:In Sync] config  curl -Ik https://www.site1.com/something
HTTP/1.0 302 Found
Location: https://site1.com/something
Server: BigIP
Connection: Keep-Alive
Content-Length: 0
  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Apr 18, 2014

    To Nitass' point, the HTTP::header replace command would not necessarily alter the browser URL. It's going to be applied to the ingress flow, so only the server should see it. Of course if the application causes a redirect after the fact, then that's something else entirely. For what it's worth, the HTTP iRule you have above should work for HTTP and HTTPS as long as the virtual server has decrypted access to the request payload. So two questions:

     

    1. Are you offloading SSL at the virtual server, via client SSL profile? If not, then you cannot parse HTTP headers in an iRule.

       

    2. On the HTTP virtual server, given the above iRule code, does the browser URL actually change (removes the "www.")? If so, do you have some other iRule code applied, or does the server issue a redirect to that URL?