For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

neeraj_130680's avatar
neeraj_130680
Icon for Nimbostratus rankNimbostratus
Jul 23, 2013

Removal of "s" from HTTPS loads page in HTTP

I am facing security problem in my website. My website starts from HTTP page (Searching for product, selecting it and proceed to payment and User's information). My user's information page and therea...
application delivery
dev
devops
iRules
Michael_Yates's avatar
Michael_Yates
Icon for Nimbostratus rankNimbostratus
Jul 24, 2013
Hi Neeraj,

You know your website better than I, but generally those sections of the site are on different physical pages (take you down into an entirely different area of the site).

Example:

For normal shopping and browsing - HTTP - http://www.website.com/shoping

For purchases - HTTPS - https://www.website.com/purchase

I would suggest writing an iRule that basically looks for the secure area's of the site (based on the URI) and forces HTTPS.

An iRule something like what is below. This will detect the "Secured Area URI" and see if the communication is on the Secured Port. If so, send it to the servers normally. If not, redirect them to the same exact location in the Secure Area: 

 
when HTTP_REQUEST {
switch [string tolower [HTTP::uri]] {
"/purchase*" {
if { [TCP::local_port] == 443 } {
Purchase Area Requires Security
pool secure.pool.servers
}
else {
If not on Secure Port, force Redirect
HTTP::redirect "https://[HTTP::host][HTTP::uri]"
}
}
}
}

Hope this helps.