insert www

jgreenjgreen Member
in aFleX
I have an aflex that inserts www if they come in without it and redirects to https://. it works fine if they come in on http, but does not work if they use https. the aflex is bound to both the 443 and the 80.

http://xyzsite.com (works)
https://xyzsite.com (does not work)

when HTTP_REQUEST {
if {[HTTP::host] starts_with "xyzsite"} {
HTTP::redirect "https://www.[HTTP::host][HTTP::uri]"
}
}

Comments

  • [Deleted User][Deleted User]
    edited February 2014
    I see the aFlex forum software has problems displaying brackets and quotes :) I thought you were missing them until I tried to post my version and saw the same problem.

    The redirect does work, I just tried it on my AX. So it must be your matching logic? but you say it works on port 80 though.
  • [Deleted User][Deleted User]
    edited February 2014
    This may be basic, but make sure you have type https and you are terminating SSL for the 443 virtual port.
  • jgreenjgreen Member
    edited February 2014
    yes, it works on the port 80 on the VS. The aflex is not working on the 443 port for the VS.
    The VS is configured for HTTPS, aflex bound, snat, and the Client-SSL is configured and bound to the 443 on the VS. When I first hit the site on the 443 without the www, I get a cert error saying the site cert is for www.xyzsite.com. If i check I understant the risk and accept the cert error, it goes ahead and enters the www. It is acting like it is hitting the ssl and giving the cert error before it runs the aflex.
  • jgreenjgreen Member
    edited February 2014
    I am currently running 2.6.1-P1-SP3(build: 3).
  • deastmandeastman Member
    edited February 2014
    This is expected behavior. The subject of your SSL certificate is apparently "www.xyzsite.com". Unless you purchase an SSL certificate that allows multiple subject domains, you will always receive this error unless your URL host is exactly "www.xyzsite.com". The reason is simple; SSL certificates verify you are communicating with the host you intend to communicate with. "host1.xyzsite.com", "www.xyzsite.com", "xyzsite.com", and "host2.www.xyzsite.com" are all considered different hosts in the "xyzsite.com" domain. You could get a second SSL certificate for "xyzsite.com", but if you can only associate one SSL certificate with a virtual site, you would have to resolve "xyzsite.com" to a different virtual server (usually though using a different IP address) and then redirect to https://www.xyzsite.com. The wildcard SSL certificate or whatever your CA calls it allows multiple hosts on one certificate. These are normally more expensive than the single subject SSL certificates of course.
Sign In or Register to comment.

© Copyright 2024 - A10 Networks Community - All Rights Reserved. | Legal