Forum Discussion

Mohsen
Jun 13, 2019
Solved

https for login page only

Hello,

I have a special request for one of our websites, where they want the login page to be https but, once logged in, they want everything after that to be http only. To me that translates to an iRule.

I am going to use a fictional website for that just to make it very clear.

Let's say the website is https://fantastic.fantasticday.com

The first page that loads is https://fantastic.fantasticday.com/Account/Login

User name and password, then login, and then it changes to https://fantastic.fantasticday.com/whatever.

What I am after is for the URL to change to http after the login, where the URI changes to whatever.

Right now I have a sample iRule, so to speak, but I think it's missing a lot, so I have not even tested it just yet:

when HTTP_REQUEST {
    # Match on the request path (lower-cased), not the host name
    if { [string tolower [HTTP::path]] starts_with "/account/login" } {
        HTTP::redirect "https://fantastic.fantasticday.com[HTTP::uri]"
    }
}

 

This assumes that the URL that users will access is http, and then it will redirect the home page or the login page to https, but I am not sure if it will go back to http after the login.

Any help with this matter is appreciated.

Thanks

  • I strongly discourage you from doing that. This type of communication is known to be insecure.

    Take this into account: if one user could steal the cookie from another user, he/she could access the web page as if he/she were the other user.

    Conclusion:

    - Totally HTTPS Communication = Great!

    - Partially HTTPS Communication = HTTP = Insecure

    KR,

    Dario.
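
The all-HTTPS setup recommended in the answer above, sketched as two iRules. This is an added example, not code from the thread: it assumes the site has one virtual server on port 80 and one on port 443, and the iRule names in the comments are hypothetical.

```tcl
# iRule 1 (hypothetical name: redirect_all_to_https)
# Assumption: attached only to the port-80 (HTTP) virtual server.
when HTTP_REQUEST {
    # Redirect every request, not just /Account/Login, to HTTPS so that no
    # page after login is ever served over cleartext HTTP.
    # getfield drops an explicit ":port" suffix from the Host header, if any.
    HTTP::redirect "https://[getfield [HTTP::host] ":" 1][HTTP::uri]"
}

# iRule 2 (hypothetical name: harden_session_cookies)
# Assumption: attached only to the port-443 (HTTPS) virtual server.
when HTTP_RESPONSE {
    # Mark every cookie the application sets as Secure, so the browser never
    # sends it (including the session cookie) over a plain HTTP connection.
    foreach name [HTTP::cookie names] {
        HTTP::cookie secure $name enable
    }
    # Ask browsers to use HTTPS for this host for the next year (HSTS).
    HTTP::header replace Strict-Transport-Security "max-age=31536000"
}
```

With only the login page on HTTPS, the session cookie issued at login would be sent in cleartext on every later HTTP request; the Secure attribute set in the second iRule is what stops the browser from doing that.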

5 Replies

  • I agree with you and will not do that.

    Thanks a lot sir.

    • You are welcome Mohsen.

      I would appreciate it if you mark my answer as "the best" or give me an upvote.