Forum Discussion

som_86408's avatar
som_86408
Icon for Nimbostratus rankNimbostratus
Jul 03, 2013

HTTPS to HTTP redirection by removing 's' from HTTPS

 

Please help on this issue-

 

 

Problem description:

 

We have two VIP for same website i.e. www.xyz.co.uk ,one is for http and another is for https ,but at backend traffic is hitting at port 80 only. Now suppose when any user is accessing ,request is first hitting at VIP for http, after reaching at home page(upto this traffic has to be http, not https) user is purchasing phone after clicking at "upgrade" and request is now hitting at VIP for https, when user reached at upgrade page, if by mistake or intentionally he/she removes "S" from https ,still he is able to access the same page and purchase phone, but in this case traffic is http, therefore unencrypted.

 

 

Requirement:

 

We need even after removal of S from https URL will again be redirected to https so we need to force user again to use https when purchasing phone instead of http. At the same time HTTP web pages should work normally.

 

 

 

Thanks

 

som

 

application delivery
dev
devops
iRules

5 Replies

Sort By
  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Jul 03, 2013
    Som,

     

     

    Two options. Firstly, can you not simply block http access at the backend for this part of the app? If not I'd add an irule and do a redirect to https if the http::uri or http:path references the upgrade part of the web app.

     

     

    Hope this helps,

     

    N
  • som_86408's avatar
    som_86408
    Icon for Nimbostratus rankNimbostratus
    Jul 03, 2013

    Thanks Nathan,

     

    I have checked and found all these upgrade pages contain 'msc_' so I have planned to configure the blow irule.

     

    Is this irule server my purpose? As per my understanding this irule needs to be implemented under HTTPS, right?

     

    when HTTP_REQUEST {

     

    if { [HTTP::uri] contains "msc_" } {

     

    HTTP::redirect "https://[HTTP::host][HTTP::uri]"

     

    }

     

    }

     

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Jul 03, 2013
    som,

     

     

    That irule looks fine. You'd want this applied to your http virtual server.

     

     

    Rgds

     

    N
  • SSHSSH_97332's avatar
    SSHSSH_97332
    Icon for Nimbostratus rankNimbostratus
    Jul 05, 2013
    You can try logging using the below :

     

     

    when HTTP_REQUEST {

     

    if { [HTTP::uri] contains "msc_" } {

     

    HTTP::redirect "https://[HTTP::host][HTTP::uri]"

     

    log local0.info " redirection worked for Client [IP::client_addr] for [HTTP::host][HTTP::uri] "

     

    }

     

    }