Forum Discussion

Cirrus

Dec 11, 2015

Is HTTP to HTTPS redirection Secure?

Hi All, I have configured http to HTTPS redirection in some of the urls but is this secure? The VS blindly forwards all the communications from http to https which can cause man in midle attck r...

Cirrus

Dec 11, 2015

Thanks Stanislas,

I have done this with below Irule on 11.5.3 version.

On HTTPS url,

  when HTTP_RESPONSE {
    HTTP::header insert "Strict-Transport-Security" "max-age=15552000; includeSubDomains"
}

On http url

when HTTP_REQUEST {
set my_loc "https://[HTTP::host][HTTP::uri]"
TCP::respond "HTTP/1.1 301 Moved Permanently\r\nLocation: $my_loc\r\nConnection: close\r\nContent-Length: 0\r\n\r\n"
TCP::close
}

-Jinshu

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Is HTTP to HTTPS redirection Secure?

F5 Academy at AppWorld 2026

Kostas Injeyan - October 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

SSL Offloading and Backend pool https

Terraform AS3 code for GTM Only.

Behavior of masterkey on rSeries

Azure F5 deployed using marketplace is unable to ping backend server

f5 client certificate forwarding

Related Content

F5 HTTPS Redirect 2025

Quarterly Security Notification October 2025

HTTP Multipart and Security Implications

(HTTP) Redirection via Arbitrary Host Header

Positive Security vs. Negative Security: A Comparison Using F5's Security Portfolio

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS