davis16_81740
Jan 22, 2015

iRule for redirecting https to http

I have an old web site that I still occasionally get queries on, which I want to redirect to a page that gives people an idea of what happened to the old site. Unfortunately the iRule below only works for http queries NOT https: ---- irule -----

when HTTP_REQUEST {
    if { ([HTTP::host] eq "oldwebsite.com") and ([HTTP::uri] eq "") } {
        HTTP::redirect "https://newwebsite.com/sadsotory.html"
    }
}

When someone requests http://oldsite.com they are successfully redirected to the correct page, but when they request https://oldwebsite.com nothing happens and the transaction doesn't even get logged! The important points are that the https://oldsite.com virtual server/address still exists, but there is no certificate. (I tried just selecting clientssl and that didn't work.)

 

So to reiterate.... is there any way to redirect https://oldsite.com to https://newwebsite.com/sadsotory.html without installing a new certificate ?????

 

5 Replies

  • Arie

    Is the iRule assigned to the VIP for the HTTPS-site (port 443)?

     

    Either way, you'll need an external certificate for this VIP and terminate SSL on the BIG-IP to run the iRule. In addition, if it's not a valid cert (matching the hostname) the users will receive certificate errors before they're redirected.

     

  • Thanks for the quick response.

     

    When I test this I do not see any certificate errors. Is there a log I should see them in? I was sure this situation comes up all the time ... I guess I'm wrong.

     

    • shaggy
      @arie means browser certificate errors, since it's likely the certificate on VIP newsite_https has a different common name/SANs than oldsite_https. Is oldsite.com hosted on your F5 as well?
    • davis16_81740
      Yes, I stopped paying for the cert, got rid of the pools and then someone argued that we should reroute all potential requests.
  • Arie

    If you want to redirect HTTPS traffic to HTTP you'll have to get another (matching) cert to avoid browser errors. You don't need a pool if all you want to do is redirects, but you will need a VIP for port 443 (along with said cert).

     

    The SSL handshake takes place before you can send an HTTP-redirect.
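
The ordering described in the last reply, as an added example that is not part of the original thread or any F5 code: it builds the first bytes a browser sends to port 443 and shows they are a TLS ClientHello carrying only the hostname (SNI), with no request line or Host header for an HTTP_REQUEST event to act on. The function names `build_client_hello` and `first_flight` are hypothetical.

```python
import ssl
import struct

def build_client_hello(hostname):
    """Return the first bytes a TLS client sends to port 443 for `hostname`."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()      # nothing answers, so it stops after the ClientHello
    except ssl.SSLWantReadError:
        pass
    return outgoing.read()

def first_flight(data):
    """Classify a connection's first bytes: ('http', request line) or ('tls', SNI)."""
    if data[:1] != b"\x16":     # 0x16 = TLS handshake record
        return "http", data.split(b"\r\n", 1)[0].decode("ascii", "replace")
    pos = 5 + 4 + 2 + 32        # record header, handshake header, version, random
    pos += 1 + data[pos]                                  # session id
    pos += 2 + struct.unpack_from("!H", data, pos)[0]     # cipher suites
    pos += 1 + data[pos]                                  # compression methods
    end = pos + 2 + struct.unpack_from("!H", data, pos)[0]
    pos += 2
    while pos + 4 <= end:       # walk the extensions
        ext_type, ext_len = struct.unpack_from("!HH", data, pos)
        pos += 4
        if ext_type == 0:       # server_name: list len(2), type(1), name len(2), name
            name_len = struct.unpack_from("!H", data, pos + 3)[0]
            return "tls", data[pos + 5:pos + 5 + name_len].decode("ascii")
        pos += ext_len
    return "tls", None

if __name__ == "__main__":
    # Constructed inputs: what arrives first on port 80 versus port 443.
    plain = b"GET / HTTP/1.1\r\nHost: oldwebsite.com\r\n\r\n"
    print(first_flight(plain))                                  # HTTP is readable at once
    print(first_flight(build_client_hello("oldwebsite.com")))   # only SNI is visible
```

The HTTP request, and therefore any redirect, exists only inside the encrypted session that follows a completed handshake, which is why the port 443 virtual server needs a client SSL profile with a certificate matching the requested hostname.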