ACE - keep user on SSL only if logged in

Unanswered Question
Jul 29th, 2009
User Badges:

Hi everyone

We have a complicated scenario which we need to achieve using the ACE4710. This is what we want to achieve:

1) User browses to site

2) User logs in and login is posted to secure path

3) Once the user is logged in, all subsequent requests to* need to be redirected to*. In other words, once the user has accessed /myaccount within the session, all further requests must be SSL, no matter which page on the site they are on.

Is this possible with the ACE?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Gilles Dufour Thu, 07/30/2009 - 05:19
User Badges:
  • Cisco Employee,

ACE has no knowledge about what happened in a previous connection.

All you can do is inspect the header of the new http request and identify some information which could identify if the user is logged in or not.

For example, if the server sets a particular cookie when the client is logged in, you can check the presence of this cookie to determine if the client is connected and send the redirect to https.

BUT, since the client will potentially keep the same cookie, even if he logs out, then ace will continue redirecting the client to https.

Only the server has the complete knowledge of the client state.

So the redirect should come from the server.



This Discussion