I had been searching for some time whether it is possible to redirect http to https with POST parameters. It seems that we are out of luck, especially we are still on 9.1.2. I notice that there is new command like HTTP::retry, HTTP::request which are only available in 9.2. Some reference saying that the POST can be pass along such as http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=27548. But I am not sure is it still valid for http to https redirection, especially they are using HTTP::retry. Any one had tried? BTW, has anyone worked out a way to do it before version 9.2? Some also mentioned that it can be achieved with STREAM command. Since I am very new to iRule, I would be appreciated if any expert here can illustrate with some example how this can be done. Thanks!

Would this not work: rule http_redirect_rule { when HTTP_REQUEST { HTTP::redirect https://[HTTP::host][HTTP::uri] } } I seem to believe this should work on your version.

No, it didn't. I tried and check the POST data is lost. Here's what I tried: 1. Use the method you suggested and redirect to another Virtual server (B) 2. At B, write a iRule to check the HTTP method and get the parameter. But it shows a GET method. Any other suggestion, thanks anyway!

As you've found, redirecting a POST request triggers the client to make a GET request to the new Location. Any POST data is lost in the process. In terms of LTM configuration, it would probably be easiest to rewrite the response which generates the POST via HTTP so that the POST is made via HTTPS. What are you trying to accomplish by redirecting the requests to HTTPS? Are you trying to prevent sensitive data from being sent in the clear? If so, the data is potentially already being sent by the time you're trying to redirect the client requests. In this case you would want to ideally try to prevent the HTTP request before it's made. If the response which generates the HTTP request is sent to the client through LTM, you could potentially rewrite it to reference the HTTPS VIP. Or are you redirecting because the application is now answering only for HTTPS? If so, you could try to send the request to the server(s) without redirecting them. You might be able to do this by adding a server SSL profile to the VIP and selectively enabling it for requests which need to be sent to the server encrypted, or by using HTTP::retry in 9.2+, or by using the virtual command in 9.4+. Aaron

it would probably be easiest to rewrite the response which generates the POST via HTTP Yes, it is exactly what I am after. Would you please give me some hints, if possible example, how to achieve this? Thanks a lot! For http to https, there is no security concern. I just want to redirect to other server which runs on https.

Thanks for your reply! The redirect request is still in GET, right? Is it possible to make a redirect request a POST request instead of GET? I need this because I am redirecting this to a black-box application which only accept POST request.

Forum Discussion

Franko_Ng_30513

Nimbostratus

Feb 28, 2009

http to https with POST Parameters impossible?

I had been searching for some time whether it is possible to redirect http to https with POST parameters. It seems that we are out of luck, especially we are still on 9.1.2. I notice that there is new command like HTTP::retry, HTTP::request which are only available in 9.2. Some reference saying that the POST can be pass along such as http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=27548. But I am not sure is it still valid for http to https redirection, especially they are using HTTP::retry. Any one had tried? BTW, has anyone worked out a way to do it before version 9.2?

Some also mentioned that it can be achieved with STREAM command. Since I am very new to iRule, I would be appreciated if any expert here can illustrate with some example how this can be done. Thanks!

11 Replies

Nat_Thirasuttakorn
Employee
Mar 06, 2009
ummm....

you won't have virtual command either.

the url that I sent uses technique called virtual targeting virtual.

http://devcentral.f5.com/wiki/default.aspx/iRules/virtual.html

so forget about it

btw, back to your original question. there is no way to create redirect with POST (somebody correct me if I am wrong)

but as I mentioned, you can use redirect...then when client send new GET to BIG-IP, this GET request does not need to forward to server. BIG-IP replies with page that contains auto-POST javascript...(use HTTP::respond)

this technique is simple and has been used by another product - FirePass also.

if you are familiar to javascript, here is something what I meant

something like..

onload=document.form.submit();

sorry if you are not familiar with javascript, I don't know of it much either.

you may do the same as me (google it)

PS: this won't work if new http request (after redirect) does not come to BIG-IP

Forum Discussion

http to https with POST Parameters impossible?

11 Replies

Recent Discussions

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

Related Content

HTTP auth - Calling external API with parameters

Need Help in iRule to Modify HTTP header parameter.

Brute Force protection for single parameter like OTP

F5 ASM/AWAF Remote File Inclusion signatures do not block http:// or https:// in the form parameter

HTTP Multipart and Security Implications