Post Method Redirect

Jason,

 

 

I have to disappoint you. iRules in v4.x unfortunately do not provide any mechanism for modifying server responses.

 

 

The root cause of your problem is most likely an absolute reference (URI containing protocol and server) in the HTML code (e.g. in a form action attribute) that makes the client issue the POST requests. The best way how to fix the problem is to fix the web application. I understand that this may not be an option :-(.

 

 

BIG-IP v9.x may come to the rescue because it allows (almost) arbitraty manipulation of server responses. You may be able to use this feature to remove the offending absolute reference (or replace it with https://... equivalent) from the page that triggers the POST.

 

 

AFAICT, there is nothing in RFC 2616 (HTTP/1.1) that would explicitly forbid redirection of POST requests. However, redirection of POST requests simply does not work because the client (browser) won't resend the body of the POST after receiving the 302 or 301 response. It simply issued GET request to the URI returned in the "Location" header of the redirect response. BTW, BIG-IP v4.x "redirect to" statement always generates 302 response.

 

 

As a side note: if confidentiality of data is your concern than you must prevent the POST request from being sent over HTTP in the first place. Redirecting it after the fact is too late because at that point sensitive data have already been transmitted without encryption.