Forum Discussion
Toni_5704
Oct 26, 2010Nimbostratus
irules and j_security_check
Hello, Our security officer asked us to secure via SSL the user/password sent by our login page, and we would like to use the F5 to do this. We are using the standard Jakarta T...
Toni_5704
Oct 28, 2010Nimbostratus
Hey Aaron,
Thanks for this precious feedback.
After some digging, here is what we came with:
A simple irule that would check the presence of a custom HTTP response header, say "CUSTOM_TRANSPORT_SECURED=true". If the header is in the response, redirect the user to HTTPS otherwise, use HTTP.
Here is one scenario:
1) The user ask for a page in HTTP
2) The application adds the custom HTTP header to a given HTTP response (in our case the login form)
2) An iRule would detect this HTTP HEADER and redirect the user the HTTPS
3) The user fill the form and submit it back, still in HTTPS
4) The next Response won't contain the custom header, thus the irule will switch back to HTTP.
If this works, the data submited is protected, and we could use this technique to secure any part of the web application (login, critical forms,etc..), independently of the application server technology(java,C++,etc...)
Before we start testing this, do you think it could be our solution ?
cheers,
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects