Forum Discussion
ucgwebmaster_95
Nimbostratus
May 21, 2008
http to https for specific pages
Good Day,
I am a newbie to the F5 and iRules. I work more on the operations side and our developers have come to me with a task. We have a site: http://my.site.com
I have set up a VS for port 80 and a VS for 443. I am using SSL offloading, so when the developers attempt to code for requiring SSL it fails. They need to actually put the https link in the code. They are going to redesign the site and only want http://my.site.com/login.aspx and http://my.site.com/checkout.aspx to be https.
Please help!!!
3 Replies
- Colin_Walker_12
Historic F5 Account
So you want to inspect traffic and if it's one of those two URLs send it through the HTTPS VS?
If that's the case, try something like:
```
when HTTP_REQUEST {
  # Redirect only the two listed pages; every other request stays on HTTP.
  # Patterns are kept as posted; a later reply notes [HTTP::host] carries no scheme.
  switch "[HTTP::host][HTTP::uri]" {
    "http://my.site.com/login.aspx" -
    "http://my.site.com/checkout.aspx" {
      HTTP::redirect https://[HTTP::host][HTTP::uri]
    }
  }
}
```
That will send an HTTP redirect forcing those two particular URLs to an HTTPS version of the same URL. Just apply the above iRule on the port 80 VS and you should be all set.
Colin
- ucgwebmaster_95
Nimbostratus
Thank you for the quick response. I just found out that it may be for multiple pages. This rule appears to be a good start though. I will need to test it out to make sure.
On a side note,
If the developer wanted to require ssl from the code level would I then need to pass the cert from the F5 to the Server?
- hoolio
Cirrostratus
A minor note: [HTTP::host] won't contain the protocol, so you can remove "http://" from the switch cases.
If the developers want to verify SSL was used for some pages, you could insert a new HTTP header in requests which were received through the HTTPS VIP. This could be done on the HTTP profile of the HTTPS VIP (or in an iRule). You'd want to remove any instances of this custom header from the HTTP VIP to make sure malicious clients couldn't force a request to be interpreted as HTTPS when it was HTTP. The application would then need to check for this additional HTTP header to determine whether the client to BIG-IP connection was over SSL or not.
Normally, you might consider passing the full certificate in a header if the clients were presenting a client certificate when connecting to the VIP. I'm not sure what the point of passing the SSL cert installed on the VIP to the app would be.
HTTP example:
```
when HTTP_REQUEST {
  # Remove all existing HTTP headers with our name
  while {[HTTP::header exists Https-Enabled]} {
    HTTP::header remove "Https-Enabled"
  }
}
```
Aaron
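The arrangement discussed in this thread, put together as an added example that is not code posted by any participant: the port 80 iRule strips the marker header and redirects only the two pages, and the port 443 iRule sets the header the application checks. The header value "1", the lowercase comparison and the use of [HTTP::path] are assumptions of this example; the header name and page names come from the thread.

```tcl
# iRule 1: attach to the port 80 virtual server
when HTTP_REQUEST {
    # Drop any client-supplied copies of the marker header so a plain-HTTP
    # request can never reach the application claiming to be HTTPS
    while {[HTTP::header exists "Https-Enabled"]} {
        HTTP::header remove "Https-Enabled"
    }

    # [HTTP::host] has no scheme; compare host and path in lowercase so
    # /Login.aspx and requests with a query string still match
    switch [string tolower "[HTTP::host][HTTP::path]"] {
        "my.site.com/login.aspx" -
        "my.site.com/checkout.aspx" {
            # [HTTP::uri] keeps the original query string on the redirect
            HTTP::redirect "https://[HTTP::host][HTTP::uri]"
        }
    }
}

# iRule 2: attach to the port 443 virtual server (SSL is offloaded here)
when HTTP_REQUEST {
    # Remove client-supplied copies first, then set the trusted value
    while {[HTTP::header exists "Https-Enabled"]} {
        HTTP::header remove "Https-Enabled"
    }
    # Value "1" is an assumption; the application only needs to agree on it
    HTTP::header insert "Https-Enabled" "1"
}
```

The application can rely on this header only if the pool members accept traffic solely from the BIG-IP; a client that can reach the servers directly can set the header itself.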