For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Kanghis_23583's avatar
Kanghis_23583
Icon for Nimbostratus rankNimbostratus
Feb 10, 2009

http to https redirect

This is a fairly common task: a shopping cart application requires us to secure the transaction. Without the big-ip in place, the flow redirects any request to http:/this.domain.com/this/directory t...
application delivery
dev
devops
iRules
Kanghis_23583's avatar
Kanghis_23583
Icon for Nimbostratus rankNimbostratus
Feb 12, 2009
The paramters being passed in the URI do not need to be encrypted for this exercise. At the moment, all I'm trying to encrypt is Credit Card informaiton. The paramters beign passed are used to identify the user. When the user clicks on the trigger button, a javascript call opens a window (window.open (http://mydomain.com/this/directory/page.asp?parameterid1+parameterid2) with the uri information passing the parameters as http://

 

 

The LTM should offload the SSL and rewrite the page using the irule below and the resulting page should be encrypted for submission.

 

when HTTP_REQUEST {

 

if { [HTTP::uri] contains "/this/directory/"}

 

{ HTTP::redirect https://[HTTP::host][HTTP::uri]}

 

}

 

 

Unfortunately, the window insists on using http: so the irule is definitely not working. What other ways could I troubleshoot this. Everyone's help is appreciated but I could be doing more to help out my developers.

 

 

Thanks again!