Forum Discussion

Cirrus

Dec 11, 2015

Is HTTP to HTTPS redirection Secure?

Hi All, I have configured http to HTTPS redirection in some of the urls but is this secure? The VS blindly forwards all the communications from http to https which can cause man in midle attck r...

Cumulonimbus

Dec 11, 2015

Hi Jinshu,

To limit Man in the Middle attack on HTTP traffic, you can enable "HTTP Strict Transport Security"

This is a new feature in version 12.0 but you can enable it with an irule on previous version:

https://devcentral.f5.com/articles/implementing-http-strict-transport-security-in-irules

This feature tell the browser to always request HTTPS instead of HTTP even if the user entered http://www.company.com.

In this case, the browser will automatically request https://www.company.com for every new requests until HSTS Max-age expires.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Is HTTP to HTTPS redirection Secure?

F5 Academy at AppWorld 2026

Kostas Injeyan - October 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

SSL Offloading and Backend pool https

Terraform AS3 code for GTM Only.

Behavior of masterkey on rSeries

Azure F5 deployed using marketplace is unable to ping backend server

f5 client certificate forwarding

Related Content

F5 HTTPS Redirect 2025

Quarterly Security Notification October 2025

HTTP Multipart and Security Implications

(HTTP) Redirection via Arbitrary Host Header

Positive Security vs. Negative Security: A Comparison Using F5's Security Portfolio

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS