For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

3 Replies

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Nov 13, 2015

    A pretty common problem. I'd start by enabling the Redirect Rewrite option in your HTTP profile. This will rewrite 30x redirects. If the bad URLs are in HTTP payload then you'll need to do a little extra work.

     

  • dw_888_212625's avatar
    dw_888_212625
    Icon for Nimbostratus rankNimbostratus
    Nov 16, 2015

    Please advise what will happen after the 30x rewrite? what bad URLs are we refering to and what is needed to do?

     

  • Amine_Kadimi's avatar
    Amine_Kadimi
    Icon for MVP rankMVP
    Nov 16, 2015

    Check if your backend server is redirecting from "/more" to "http://somewebsite.com/" thus redirecting to the http version no matter what the client has requested.

     

    If this is the case, you have multiple options to chose from including:

     

    1. Rewrite 30x redirects as mentioned by Kevin or
    2. Reconfigure the redirection on the server so it redirects relatively from "/more" to "/" instead of the full http url. or
    3. Create a redirect vs on F5 that redirects from http to https and open port 80 on your firewall. You'll then have two redirects: first one is the one you mentioned which is done at the server level, then a second one that is performed by F5 to redirect again to https://somewebsite.com/

    Regards,