For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

ucgwebmaster_95's avatar
ucgwebmaster_95
Icon for Nimbostratus rankNimbostratus
May 21, 2008

http to https for specfic pages

Good Day,     I am a newbie to the F5 and Irules. I work more on the operations side and our developers have come to me with a task. we have a site. http://my.site.com   I have setup ...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
May 21, 2008
A minor note: [HTTP::host] won't contain the protocol, so you can remove "http://" from the switch cases.

If the developers want to verify SSL was used for some pages, you could insert a new HTTP header in requests which were received through the HTTPS VIP. This could be done on the HTTP profile of the HTTPS VIP (or in an iRule). You'd want to remove any instances of this custom header from the HTTP VIP to make sure malicious clients couldn't force a request to be interpreted as HTTPS when it was HTTP. The application would then need to check for this additional HTTP header to determine whether the client to BIG-IP connection was over SSL or not.

Normally, you might consider passing the full certificate in a header if the clients were presenting a client certificate when connecting to the VIP. I'm not sure what the point of passing the SSL cert installed on the VIP to the app would be.

HTTP example: 

 
 when HTTP_REQUEST { 
     Remove all existing HTTP headers with our name 
    while {[HTTP::header exists Https-Enabled]}{ 
  
       HTTP::header remove "Https-Enabled" 
    } 
 }

Aaron