Forum Discussion

Nimbostratus

Feb 04, 2020

HTTP -> HTTPS redirect described in K26312346 failed pentest scan

I recently had a pentest performed against a virtual server and the implementation I chose for HTTP to HTTPS redirection failed the audit. I had implemented the HTTP to HTTPS policy described in K26...

LTM

security

nathe

Cirrocumulus

Feb 04, 2020

I think I'm with the pentester on this and this is susceptible to MITM.

I would mitigate this by using HTTPS Strict Transport Security. See HSTS.

Hope this helps,

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

HTTP -> HTTPS redirect described in K26312346 failed pentest scan

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Checking for X-Forwarded-For against an Address Data-Group

SSL Bridging and FQDN rewrite Policy

Cisco TACACS+ Config on ISE LTM Pair

iRule causing requests to be duplicated (sometimes)

How can I get started with iCall

Related Content

F5 HTTPS Redirect 2025

Rewriting Redirects

(HTTP) Redirection via Arbitrary Host Header

Anchor Link Redirect

BIG-IP Solutions: Simple URL Redirects

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS