Symptoms
When the BIG-IP system is configured to redirect HTTP to HTTPS, iControl SOAP and iControl REST API calls are erroneously accepted on port 80 (in addition to 443).
Impact
iControl SOAP and iControl REST calls are accepted on an unencrypted port. API calls still require authentication, but results are not encrypted.
Conditions
The BIG-IP has 'Redirect HTTP to HTTPS' enabled.
Fix Information
HTTP to HTTPS TMUI redirection no longer erroneously allows HTTP access to iControl SOAP and iControl REST.
