HTTPS Redirect based on http_response

Question

New to IRules and just trying to wrap my head around some of the logic here.... 
&nbsp;  
&nbsp; I am looking to capture non-secure login pages and automatically redirect the user to make an https request back to the same page. I am looking for a way to detect that a password field is about to be passed back to the user on an unsecure connection. The SSL termination is on the F5 and the request to the backend servers are unencrypted. Unfortunately this is old web code and these pages are spread throughout the environment. I am looking for a temporary fix until the code can be fixed. 
&nbsp;  
&nbsp; I know how to create a redirect and I have the regular expression I can use to detect the password field.  
&nbsp; I need help with two things. How do I detect whether the user is connected via SSL and how do I detect the password field using a regular expression looking at the http_response so I can force a redirect?  
&nbsp;  
&nbsp; Thanks

jrichards_45544 · Answer

Answered my own question on this...

hooleylist · Answer

What did you end up with?  I was going to suggest redirecting all http requests to https, as it simplifies the configuration and is more secure.  The other option would probably require collecting the response content and rewriting the form action to an https URL.  Depending on how the application lists the form action, this could actually be fairly complicated. 
&nbsp;  
&nbsp; Aaron

Forum Discussion

HTTPS Redirect based on http_response

2 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

Anchor Link Redirect

Http redirection

HTTP URI Replace/Redirect

HTTP POST redirect preserving POST data

Rewrite HTTP Redirect Hostname