Forum Discussion

Nimbostratus

Jan 06, 2010

SSL only when auth - HTTP>SSL>HTTP

Hi, I'd like to (re)produce the following behavior : When a client sends an HTTP request to a website called "host", the intermediate BigIP requires an SSL connexion (re...

Cirrostratus

Jan 07, 2010

Hi Vincent,

If the two VIPs are on the same domain, you could use a cookie to track that the client has successfully authenticated against the auth server and redirect the client to the HTTP VIP. You could then check for that cookie on the HTTP VIP before redirecting the client back to HTTPS. From a security standpoint, you could try encrypting the client User-Agent header value with a timestamp and use that for the cookie. On requests, if the cookie value can be decrypted, the user-agent header from the cookie matches the client's user-agent and the timestamp is newer than some session timeout value, you would consider the auth cookie as valid.

Also, in 9.4+ the four AUTH_ events have been deprecated in favor of a single event, AUTH_RESULT (Click here).

You can get a few examples from the Codeshare for doing auth:

http://devcentral.f5.com/wiki/default.aspx/iRules/ClientAuthUsingHTMLForms.html

http://devcentral.f5.com/wiki/default.aspx/iRules/ClientAuthUsingHttpCookie.html

And you can check the default LDAP auth rule, _sys_auth_ldap.

Aaron

Forum Discussion

SSL only when auth - HTTP>SSL>HTTP

Recent Discussions

Troubleshooting Bandwidth Limit Exceedance in Outlook Client Despite BWC Policy

F5 VPN client + Endpoint Inspection

Who is the good technical book publisher for first time author?

failed: Cannot contact any KDC for realm

F5OS API is config save/commit needed?

Related Content

HTTPS > 50000 port translation with SSL termination

Rewriting HTTP redirection with HTTPS->HTTPS (SSL-to-Server feature) does not func.

Rewriting HTTP redirection with HTTPS->HTTPS (SSL-to-Server feature) does not func.

In 5 Minutes or Less - Enterprise Manager v2.2

Drive Identity Into Your Network with F5 Access Solutions