diana_24252
May 08, 2008Nimbostratus
Redirect to HTTPS doesn't work properly
Redirect to HTTPS doesn't work properly
Description of the problem:
Web site: testcustompoint.rrd.com (it is a test only site so there is an SSL name error)
The web server redirects you to HTTPS and once the login page opens the browser address changes to:
https://testcustompoint.rrd.com/xs2/prelogin?CMPID=126&qwerty=08050811
At this point if you delete only the letter “s” in the HTTPS and hit Enter the page will load in HTTP and will not redirect to HTTPS. Obviously this is a major security issue.
The web team only wants the login page to be secure and not all the pages.
I setup the following iRule:
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "/xs2/prelogin" } {
HTTP::redirect "https://[HTTP::host][HTTP::uri]"
}
}
This iRule did not fix the security issue I described above. I tried a few different modifications of a redirect iRule, but no luck yet.
Any help will be greatly appreciated!