Ashley_Penney_5
Sep 26, 2008Nimbostratus
HTTP to HTTPS redirect when 401 received.
Hi,
We have a very... awkward.. web environment here at work, and I'm hoping that I can get some help here to achieve something. We currently do all the SSL handling on the BigIP, and we're having a problem ensuring that pages with passwords always redirect to https before the client has the chance to pass in their password.
For reasons that are very very complicated, I can't easily do a rewriterule in apache to handle this, and my latest brainwave is that maybe we could write an iRule to do this. I don't even have an account on the BigIP, so I was hoping I could turn to you guys to see if my idea is fundamentally sound. Based on examples I saw scattered around the forums, I pieced together something like this:
when HTTP_RESPONSE {
Check if the server response is a 401
if {[HTTP::status] == 401}{
HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
}
}
Would I be able to put something like that in place to ensure we never pass passwords unencrypted?