For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Jul 30, 2014

You may find that HTTP Referer header passing inside SSL is a browser-dependent behavior, but otherwise you could potentially use a cookie from your HTTPS VIP to your HTTP VIP:

when HTTP_REQUEST {
    if { [HTTP::header exists Referer] } {
        HTTP::respond 302 Location "http://mysite.domain.com" "Set-Cookie" "refer: [HTTP::header Referer]; path=/;"
    }
}

This iRule, placed on the HTTPS VIP, will redirect the user to the HTTP VIP and send a cookie (refer) with the contents of the Referer header. One important caveat is that the HTTPS and HTTP VIP need to have the same hostname (ie. https://www.domain.com and http://www.domain.com). You can technically use a domain cookie if they're not, but it'd be easier if they are.