Hi there,
Is this the same scenario as the last post (
Click here)? If so, you can use a stream profile and STREAM::expression based iRule to rewrite the response content to the correct domain. This would avoid the issue of the client making a request to the old domain.
You can check the STREAM::expression wiki page for examples (
Click here).
when HTTP_RESPONSE {
Check if response type is text
if {[HTTP::header value Content-Type] contains "text"}{
Replace https://junk.domain.com with https://realjunk.domain.com
STREAM::expression {@https://junk.domain.com@https://realjunk.domain.com@}
Enable the stream filter for this response only
STREAM::enable
} else {
Disable the stream filter by default
STREAM::disable
}
}
This will work if the response is going to the client through the BIG-IP. If that's not the case, there aren't any simple fixes you can make on the BIG-IP to prevent the browser alert. By design of HTTPS, if a request comes in via HTTPS to a VIP and you don't have an SSL cert valid for that domain or subdomain, the browser will generate an invalid or mismatched cert warning. You could either get a valid cert for junk.domain.com or for *.domain.com.
Aaron