Forum Discussion

Anush's avatar
Anush
Icon for Nimbostratus rankNimbostratus
Feb 06, 2015

Redirect to the site which is not on F5

Hi all, I understood that there are few ways to redirect users to different site..we are using following ways 1. using irule and data group with VIP/port any - irule accepts the http request and execute data groups which has list of sites configured where to redirect site. Irule details: if it get user http request, it disable ssl profile and execute data group and if it get user https request, it process normally

 

2 defined two different VIPS - 80 and 443 - http VIP redirect to https VIP and https VIP has irule on it which redirect the site

 

in first method, both http and https request redirect to site in second method, before it get redirect, it converts http to https first

 

question is, is there any security concern in first method since http request get redirect or no worries since it get redirect to final site so does't matter if it has http or https ?

 

Thanks

 

2 Replies

  • Hi Anush,

     

    it is a common approach to have a virtual server listening on cleartext http which is simply used to redirect the client into https.

     

    This way you force all clients to use an encrypted channel.

     

    So if I got your question right, there are no concerns about it.

     

    Btw, you have options to specify the response code to be used for the redirect and there is an option to modify the server header contained in the response.

     

    Thanks, Stephan

     

  • Arie's avatar
    Arie
    Icon for Altostratus rankAltostratus

    Make sure you keep your SEO folks happy (and avoid unnecessary redirects for repeat visitors) and use a 301 (permanent redirect) rather than a 302 (temporary redirect).

    The command

    HTTP::redirect
    issues a 302, so you'll want to use
    HTTP::respond
    instead.