From ArrayOS ASF 3.0.0.1, ASF supports redirecting the http requests to https.
Why we need http to https redirection:
For security, an industry best practice is to ensure all HTTP traffic is SSL-encrypted as HTTPS. Since typical end-users do not specify the HTTPS protocol when entering URLs for requests, the initial requests arrive over HTTP. Enabling HTTP to HTTPS redirection option, the ASF redirects to https for such http requests.
Please follow below steps through webui for enabling http to https redirection:
· Create http virtual service with same VIP of https virtual service.
· Create a http profile in “HTTP Profile” option under “Application Defence”.
· Bind the http virtual service in above created http profile and click on “Apply changes”
· Enable the “HTTP-to-HTTPS Request redirection” in HTTP profile and click on “Apply changes” and save the configuration globally.
Please follow below steps through CLI for enabling http to https redirection:
· Take the CLI access of ASF and switch to enable mode with command “enable” and then go to config mode with command “config terminal”
· Create a http profile with below command
#http profile name "Http_To_HTTPS_Redirect"
· Bind the http virtual service with http profile
#http policy default "VS_CLP_HTTP" "Http_To_HTTPS_Redirect"
Note: You must mention your actual virtual service name in above command.
· Enable the http to https request redirection option with below command
#http profile redirect https on "Http_To_HTTPS_Redirect"
· Save the configuration globally with below commad
#wr mem
How we can confirm that http to https redirection is working:
After we enable the http to https redirection on ASF, upon receiving an HTTP request the appliance will reply with an HTTP redirect response in which the Protocol value of the Location header is changed to “HTTPS”.
To verify this, kindly run developer tool on browser and access the http URL. The ASF appliance provide the response with 301 status code and mentioning the https protocol on location header.
