Forum Discussion

Cirrus

Dec 11, 2015

Is HTTP to HTTPS redirection Secure?

Hi All, I have configured http to HTTPS redirection in some of the urls but is this secure? The VS blindly forwards all the communications from http to https which can cause man in midle attck r...

Cumulonimbus

Dec 11, 2015

Hi Jinshu,

To limit Man in the Middle attack on HTTP traffic, you can enable "HTTP Strict Transport Security"

This is a new feature in version 12.0 but you can enable it with an irule on previous version:

https://devcentral.f5.com/articles/implementing-http-strict-transport-security-in-irules

This feature tell the browser to always request HTTPS instead of HTTP even if the user entered http://www.company.com.

In this case, the browser will automatically request https://www.company.com for every new requests until HSTS Max-age expires.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Is HTTP to HTTPS redirection Secure?

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

F5 HTTPS Redirect 2025

HTTP Multipart and Security Implications

Quarterly Security Notification October 2025

(HTTP) Redirection via Arbitrary Host Header

Positive Security vs. Negative Security: A Comparison Using F5's Security Portfolio

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS