Handling HTTP Requests on an HTTPS Virtual Server

There are scenarios where it might be prudent to support HTTP request redirection on a single port, and thus, a single virtual server. Yes, this can be done with the alias port zero, but that locks a...
Published Jul 24, 2018
Version 1.0
application delivery
BIG-IP
iRules
ssl
jmsanchezcb_239's avatar
jmsanchezcb_239
Icon for Nimbostratus rankNimbostratus
Aug 21, 2018

Hello! I think the line HTTP::redirect https://[HTTP::host][HTTP::uri] is going to open the door to the host header poisoning vulnerability; to prevent this, the value of [HTTP::host] can be validated against a whitelist.