Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
268
Views
4
Helpful
1
Replies

ACE - keep user on SSL only if logged in

osiristrading
Level 1
Level 1

‎07-29-2009 10:12 PM

Hi everyone

We have a complicated scenario which we need to achieve using the ACE4710. This is what we want to achieve:

1) User browses to site http://www.site.com.

2) User logs in and login is posted to secure path https://www.site.com/myaccount.

3) Once the user is logged in, all subsequent requests to http://www.site.com/* need to be redirected to https://www.site.com/*. In other words, once the user has accessed /myaccount within the session, all further requests must be SSL, no matter which page on the site they are on.

Is this possible with the ACE?

Thanks

Labels:
0 Helpful
1 Reply 1

Gilles Dufour
Cisco Employee
Cisco Employee

‎07-30-2009 05:19 AM

ACE has no knowledge about what happened in a previous connection.

All you can do is inspect the header of the new http request and identify some information which could identify if the user is logged in or not.

For example, if the server sets a particular cookie when the client is logged in, you can check the presence of this cookie to determine if the client is connected and send the redirect to https.

BUT, since the client will potentially keep the same cookie, even if he logs out, then ace will continue redirecting the client to https.

Only the server has the complete knowledge of the client state.

So the redirect should come from the server.

Gilles.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents