For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

scott_nixon_825's avatar
scott_nixon_825
Historic F5 Account
Aug 13, 2005

iRule for forcing https

Issue:   Trying to bring up a parallel site for ONES main production site that goes live on Tuesday. Using an iRule for forcing https:     when HTTP_REQUEST {   HTTP::redirect https://[H...
application delivery
dev
devops
iRules
David_Hicks_224's avatar
David_Hicks_224
Icon for Nimbostratus rankNimbostratus
Aug 15, 2005
Here's the background (I'll try to be brief). This is at a university with a central IT shop, but with dozens of other colleges and departmetns using our services. One of those services is a somewhat "universal" forms submission utility that was developed a long time ago. It takes in all types of content with variable lengths, etc. So INSIDE the Web content THEY develop, they can use our utility for their POSTs. We also use it internally. For our internal calls to it, we have just added HTTPS to the call and all is well. For the others that are using it, they will need to do they same thing, but we just found out about this problem and there isn't time to get everyone using it to make the change to HTTPS. In a month from now, that will all be corrected, but until then, we need to move forward. So this is the iRule we WERE using:

 

 

when HTTP_REQUEST {

 

HTTP::redirect "https://[HTTP::host][HTTP::uri]"

 

}

 

 

Which has NOW ben modified to:

 

 

when HTTP_REQUEST {

 

if { [HTTP::method] equals "POST" && [string tolower [HTTP::uri]] contains "/utility/processform.cfm" } {

 

}

 

else {

 

HTTP::redirect "https://[HTTP::host][HTTP::uri]"

 

}

 

}

 

 

For temporary use, it's functional. It's certainly not optimal and we don't plan to keep it any longer than needed. What do you think?