Forum Discussion
neeraj_130680
Nimbostratus
NimbostratusRemoval of "s" from HTTPS loads page in HTTP
I am facing security problem in my website. My website starts from HTTP page (Searching for product, selecting it and proceed to payment and User's information). My user's information page and therea...
Michael_YatesNimbostratus
NimbostratusHi Neeraj,
You know your website better than I, but generally those sections of the site are on different physical pages (take you down into an entirely different area of the site).
Example:
For normal shopping and browsing - HTTP - http://www.website.com/shoping
For purchases - HTTPS - https://www.website.com/purchase
I would suggest writing an iRule that basically looks for the secure area's of the site (based on the URI) and forces HTTPS.
An iRule something like what is below. This will detect the "Secured Area URI" and see if the communication is on the Secured Port. If so, send it to the servers normally. If not, redirect them to the same exact location in the Secure Area:
when HTTP_REQUEST {
switch [string tolower [HTTP::uri]] {
"/purchase*" {
if { [TCP::local_port] == 443 } {
Purchase Area Requires Security
pool secure.pool.servers
}
else {
If not on Secure Port, force Redirect
HTTP::redirect "https://[HTTP::host][HTTP::uri]"
}
}
}
}
Hope this helps.
