cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

HTTPS POST Redirect not done

Lekh_Raj
Nimbostratus
Nimbostratus

We have an issue with an application (for example, https://abc.com) and in particular with redirects from HTTP to HTTPS .

 

As of now when there’s an HTTP request for some resource F5 responds with 302 code and HTTPS URL in Location header. Client browser then requests the URL provided in Location header.

That works fine for GET requests, the issue we have is with POST requests. Most browsers treat 302 response code as 303 and request the resource provided in response’s Location header using GET method. Therefore in TMS we face the issue that HTTP POST requests change to HTTPS GET requests after being redirected.

 

The question is: can we change the behavior of the redirects? Particularly can we change 302 response code to 307. That way the client’s browser shoulnot change the method from POST to GET after being redirected. Can we have an IRULE for it

3 REPLIES 3

Simon_Blakely
F5 Employee
F5 Employee

Rather than use HTTP::redirect, use HTTP::respond

HTTP::respond 307 noserver Location "https://[HTTP::host][HTTP::uri]"

Please note, most modern browsers should behave correctly with a 307 redirect, but it may be problematic for older browsers.

Jimmy
Nimbostratus
Nimbostratus

Thank you Simon!

It worked!!

Glad to help.

 

Please remember to upvote or flag useful answers, so that other members of the DevCentral community can benefit.

 

Thanks