Forum Discussion
jwood2
Nimbostratus
Feb 04, 2020
HTTP -> HTTPS redirect described in K26312346 failed pentest scan
I recently had a pentest performed against a virtual server and the implementation I chose for HTTP to HTTPS redirection failed the audit. I had implemented the HTTP to HTTPS policy described in K26...
jwood2
Nimbostratus
Feb 04, 2020
I agree that the finding is a bit weak but I'm still obligated to address it. That being said, I agree with you that the easiest way to fix this is probably with an iRule, but I was wondering specifically how I could implement this sanity check for '[HTTP::uri] starts_with "/"' in a policy. I think I found my answer, within the policy I have configured:
Match all the following conditions:
HTTP URI path begins with any of / at request time
Do the following when traffic is matched:
Redirect to location tcl:https://[getfield [HTTP::host] : 1][HTTP::uri] at request time
