web services credentials passed over port 80 after http redirect is setup

Question

Issue: Login prompt presented over plain http port 80 even though http redirect is set up.&nbsp;
I discovered our application group published a webservice using http basic authentication so I went to: (example)&nbsp;
http://ourdomain.com/groovey/service  with my web browser and was prompted for user name and password&nbsp;
When I go to https://ourdomain.com/groovey/service the form pops up is shows 443.&nbsp;
 &nbsp;
If I do a similar test going to our main web login page over http I get redirected to the https version.&nbsp;
We have a Virtual Server set up with a HTTP class Profile defined with action Redirect to and location of : https://[HTTP::host][HTTP::uri]&nbsp;
&nbsp;
So it appears credentials are being sent over clear text on port 80.  How do I improve the config to ensure the entire conversation goes over https?  I'm assuming there are more steps needed, any guidance would be much appreciated.&nbsp;

what_lies_bene1 · Answer

How is the Virtual Server setup? Is it a wildcard? If not, what port does it listen on? Are there two VSs, one for port 80, one for 443?

Forum Discussion

web services credentials passed over port 80 after http redirect is setup

1 Reply

Recent Discussions

About IPI check ip list

Cookie Violation - Expired TimeStamp.

About custome Response Blocking Page

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

CGNAT with DS-lite and LSN

Related Content

Leaked Credential Check with Advanced WAF

Per-app failover for Kubernetes-based services using F5 Distributed Cloud Services

XC - azure cloud Credentials issues

Service discovery and registration with BIG-IP

Anchor Link Redirect