For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Desai_124243's avatar
Desai_124243
Icon for Nimbostratus rankNimbostratus
Jul 18, 2016

redirection 80 to 443 and http to https without creating pools and virtuals

Hi,   How can I create any http requests redirect/convert to https requests without creating 80 pools or virtual.   Any helps would be appricate  
application delivery
BIG-IP
http
https
LTM
JG's avatar
JG
Icon for Cumulonimbus rankCumulonimbus
Jul 19, 2016

Well, not a redirect, but implementing "HTTP Strict Transport Security" will accomplish a similar result.

 

It is supported out-of-box since v12.0.0. From the Release Notes of that version:

 

HTTP Strict Transport Security (HSTS) functionality

 

In this release, an HTTP profile provides HTTP Strict Transport Security (HSTS) settings that apply HSTS security functionality. This functionality requires all non-secure HTTP traffic to use secure HTTPS connections for both a domain (and optionally its subdomains) and persisting client HSTS security functionality, for a specified period.

 

Or it can be implemented via an irule. See: https://devcentral.f5.com/articles/implementing-http-strict-transport-security-in-irules .

 

Anyhow, this will at least draw your attention to the security issues of an HTTP->HTTPS redirect so frequently requested.