For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

cquick11_115408's avatar
cquick11_115408
Icon for Nimbostratus rankNimbostratus
Mar 22, 2014

http redirect to https based on http::uri

I am trying to set up redirection from http to https, and vice versa, based on uris. examples: /login.aspx /dashboard.aspx. If someone went to login.aspx and it should go to https, then if someone cl...
application delivery
design
devops
iRules
LTM
microsoft
giltjr's avatar
giltjr
Icon for Nimbostratus rankNimbostratus
Mar 24, 2014

Logic to the code:

 

1) Check to see if cookie SecureStat cookie already exist. This means we have been through here once before and should be matched the majority of the time.

 

2) If SecureStat cookie is set, are we NOT SSL. If we are NOT SSL check to see if we match your URL's and if so redirect to SSL.

 

3) If SecureStat cookie is set and we are SSL check to see if the original request was non-SSL ($SecureStat would be false) and if we don't match any of your URLS. If original request was non-SSL and we don't match your URL's redirect to HTTP.

 

4) If cookie SecureStat was not present, this is first time through. Set variable "cookie" to required values.

 

5) If we are not SSL, check to see if we match your URL's If we do use HTTP::Repsond with 302 code and new location and set cookie.

 

6) If we are SSL and we don't match your URI's, HTTP::respond and set cookie.

 

We need to use HTTP:respond 302 when we want to set the cookie, because the HTTP::redirect does not allow you to set cookies.

 

I just saw a typo in my code post. On the first HTTP::respond, it should of course be https instead of http in the location.