Forum Discussion

shlomi_133455's avatar
shlomi_133455
Icon for Nimbostratus rankNimbostratus
Jul 30, 2014

Referrers from https to http

Hello, I have an issue regarding referrers. we are working with a company that want to link to one of our websites, the problem start when they want to link from their site that works with https to our site that work on http. (Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol.) now here is my question. if i have SSL installed on a Virtual Server and I can direct the link to it, for example give my "partner" https://MyWebsite.com, can i take this his request and move it to http after i pulled out the referrer? will it work? if so, how do i do it in an iRule?

 

Thanks, Shlomi.

 

application delivery
availability
BIG-IQ
devops
iRules
management
security

1 Reply

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Jul 30, 2014

    You may find that HTTP Referer header passing inside SSL is a browser-dependent behavior, but otherwise you could potentially use a cookie from your HTTPS VIP to your HTTP VIP:

    when HTTP_REQUEST {
    if { [HTTP::header exists Referer] } {
        HTTP::respond 302 Location "http://mysite.domain.com" "Set-Cookie" "refer: [HTTP::header Referer]; path=/;"
    }
}

    This iRule, placed on the HTTPS VIP, will redirect the user to the HTTP VIP and send a cookie (refer) with the contents of the Referer header. One important caveat is that the HTTPS and HTTP VIP need to have the same hostname (ie. https://www.domain.com and http://www.domain.com). You can technically use a domain cookie if they're not, but it'd be easier if they are.