Nimbostratus
I'm using a standard http to https redirect but it is changing a post transcation to a get.
Here's my rule. How do I do I leave the Post intact and still enforce SSL?
when HTTP_REQUEST { HTTP::redirect https://[HTTP::host][HTTP::uri] }
Thanks in advance.
Dave
Employee
http://devcentral.f5.com/wiki/iRules.HTTP_POST_redirectNew118.ashx
Nimbostratus
I got pulled into a couple of different projects. Thanks for the link. I don't see how to make this redirect. Am I missing something simple?
Thanks, Dave
EmployeeNimbostratusEmployee
by the way, have you used http analyzer tool?
HttpFox
https://addons.mozilla.org/en-US/firefox/addon/httpfox/
Altostratus
CirrostratusThere is no TCP or HTTP profile setting. This isn't an issue with the F5 it's an issue with how browsers respond to redirects. Can you not modify the webpage or application logic that's causing the POST using HTTP to use HTTPS, ultimately that is the root cause of the issue.
AltostratusI don't know the details of your situation, but it would seem that redirecting a POST to from HTTP to HTTPS would defeat the purpose of using SSL in the first place. If the user has already submitted the data (POST) it's already travelled out in the open (over port 80) and the data should be considered compromised.
If it is not possible to fix the page you could change the HTML as it travels through the LTM and swap out the URL on the page so the POST uses the secure protocol.
