For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Brent_Sachnoff_'s avatar
Brent_Sachnoff_
Icon for Nimbostratus rankNimbostratus
Dec 13, 2006

Serverside redirects

Our network setup consists of a F5 and 3 web servers all in the same pool. We terminate SSL on the F5 which means we are just doing http on the serverside. We recently started to do server side redi...
application delivery
dev
devops
iRules
Deb_Allen_18's avatar
Deb_Allen_18
Historic F5 Account
Dec 13, 2006
If the hostname is the same for both HTTP and the subsequent redirect to HTTPS, the browser should submit the cookie when following the redirect.

 

 

If it's a redirect to a different name, you could implement simple/sourceIP persistence and enable "Match across virtual servers".

 

 

In addition to persistence, there is a setting in the HTTP profile called "Redirect rewrite" that will enable automatic re-writing of server-set redirects to HTTPS when LTM is doing decryption. Create and apply a custom http profile with Redirect rewrite set to "Matching" to force re-writing of HTTP redirects for the requested hostname to HTTPS.

 

 

You can also apply this iRule to the HTTP virtual server to force traffic from HTTP to HTTPS: Click here

 

 

I think that should take care of everything...

 

 

HTH

 

/deb