For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

matt_108790's avatar
matt_108790
Icon for Nimbostratus rankNimbostratus
Nov 13, 2008

selective SSL redirect

We host a number of sites behind our LTMs where we have a need to only load particular pages in SSL with everything else loading in clear text.     In these instances, SSL termination is se...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Nov 14, 2008
Hi there,

 

 

If the application triggers POST requests to any of the objects you'd need to rewrite the response content where the form action is currently relative (defaults to HTTP) or explicitly set as HTTP. You couldn't just redirect the HTTP request for these objects to HTTPS as the client would not submit an identical POST request to the HTTPS location. It would submit a GET request without the post data.

 

 

It is possible, but not simple to selectively rewrite the HTTP references to HTTPS. You'd need to find all of the pages that refer to these objects you want to encrypt requests to. You'd need to rewrite the page content using a stream profile and iRule from relative or absolute references to http:// to https://.

 

 

It would be much simpler to either modify the application to reference HTTPS where you want HTTPS, or to use HTTPS for all but the root document.

 

 

Aaron