For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

m1tchm8_56526's avatar
m1tchm8_56526
Icon for Nimbostratus rankNimbostratus
Jan 26, 2018

How do i maintain the SSL connection between client and the F5 after login to a web page

I have a BIGIP LTM version 13 which I am using for SSL offload to a web server behind the F5. The SSL offload initially works by maintaining the SSL connection (HTTPS) between the client and F5 and H...
application delivery
BIG-IP
LTM
Andy_McGrath's avatar
Andy_McGrath
Icon for Cumulonimbus rankCumulonimbus
Jan 26, 2018

Making the assumption that this is a HTTP redirect from http to https the following iRule will replace check the HTTP Location header and if it starts with http:// does a string map to replace with https:// and replaces the Location header with it.

when HTTP_RESPONSE {
    if {[string tolower [HTTP::header Location]] starts_with "http://" }{
         Generate a new Location destination replacing "http://" with "https://" and replace HTTP Header in response
        HTTP::header replace Location [string map {"http://" "https://"} [HTTP::header "Location"]]
    }
}
`

You might want to add in a check for the hostname as well if the server sends valid directs to http, e.g. following iRule only replaces updates redirects for the domain :

`when HTTP_RESPONSE {
    if {[string tolower [HTTP::header "Location"]] starts_with "http://www.abc.com" }{
         Generate a new Location destination replacing "http://" with "https://" and replace HTTP Header in response
        HTTP::header replace Location [string map {"http://" "https://"} [HTTP::header "Location"]]
    }
}