Redirect to https only on the login page?

Question

We want to be able to force a user to enter an HTTPS session if they arrive at the login page, but the rest of the application can operate under HTTP.  I am trying to use this rule to accomplish this:&nbsp;
&nbsp;when HTTP_REQUEST {
&nbsp;if { [HTTP::uri] ends_with "SYS_login.asp" } {
&nbsp;   HTTP::redirect "https://[HTTP::host]/[HTTP::uri]" }
&nbsp;}&nbsp;
&nbsp;Unfortunately, I get stuck in a redirect loop if the user already has specified "https://" when entering the site.&nbsp;
&nbsp;Suggestions?

unruley_95363 · Answer

Yeah, you can make sure the rule is only on your http virtual and not on your https virtual.
Or you could try adding this extra check:when HTTP_REQUEST {
   if { ([TCP::local_port] == 80) and ([HTTP::uri] ends_with "SYS_login.asp") } {
      HTTP::redirect "https://[HTTP::host][HTTP::uri]"
   }
}

Forum Discussion

Redirect to https only on the login page?

1 Reply

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

Adding a Second Subnet for Virtual Server IP's

Two Arm Deployment mode using PBR

APM URL Branching tolower

APM Access Policy|SSLVPN | SAML auth questionnaires

libxml2 and CVE-2024-25062

Related Content

HTTP To HTTPS Redirect 301

Bypass Azure Login Page by adding a login hint in the SAML Request

Http redirection

HTTP URI Replace/Redirect

Insufficient permissions BIG-IQ login error

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS