Forum Discussion

Noyan_137135's avatar
Noyan_137135
Icon for Nimbostratus rankNimbostratus
Feb 12, 2014

Basic HTTP Stream Profile

Hi all,

 

I basicly try to use the stream profile to replace the http:// string of my server side response data with https:// and just changed my custom stream profile as below :

 

 

But though I simply click the http://192.168.50.111/ into my web browser, it just keeps load balancing and retrieves a pool member with a HTTP 200 OK code. Isn't it expected that it must show me https://192.168.50.111 instead of http?

 

In my research, it says if the web page returns 302, 303 or 307 status codes, we can see a Location Header which can show the replaced URL as https://blabla in the captured packets (collected with Wireshark) or sth else.

 

Is there any other configuration in F5 menu to apply the stream profile correctly? I want to only use the Stream Profile, not an iRule. However iRule didn't work either. I really don't know why. Here's the curl command result :

 

 

Thank you.

 

  • Hi,

    the Stream profile allows you the ability to search for a string within a data stream and replace that string with another string. In your case it searchs in data stream "http:\http://192.168.50.111/" and replace to https://192.168.50.111, not doing redirect. If you want to redirect from http to https you can use simple, iRule:

    when HTTP_REQUEST {
       HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
    
  • Thank you for the reply. In fact I don't want to do a redirection, just trying to work with Stream Profile itself but I still can't get to observe how is the correct usage and its effects.

     

    Well, if I write the source as just "http://" and the target is "https://" what will be effected and how can I test the output? Will there be a difference?

     

  • The STREAM profile doesn't really work well with URLs. It works on the data in both directions, so basically you're saying replace any http:// references with https:// on the way in (Host headers usually), and again replace any http:// references with https:// on the way out (Location headers and payload object references). So assuming you only want to replace content in one direction, you necessarily need to do STREAM in an iRule. Apply an empty STREAM profile to the VIP and an iRule like this:

    when HTTP_REQUEST {
         tell server not to compress response
        HTTP::header remove Accept-Encoding
    
         disable STREAM for request flow
        STREAM::disable
    }
    when HTTP_RESPONSE {
         catch and replace redirect headers
        if { [HTTP::header exists Location] } {
            HTTP::header replace Location [string map {"http://" "https://"} [HTTP::header Location]]
        }
    
         only look at text data
        if { [HTTP::header Content-Type] contains "text" } {
    
             create a STREAM expression to replace any http:// with https://
            STREAM::expression {@http://@https://@}
    
             enable STREAM
            STREAM::enable
        }
    }
    

    This will only replace http:// with https:// on the way out (to the client). Presumably you have this applied to a port 443 VIP that is offloading SSL.

  • Hi Kevin,

    Reviewing this old doc, I am also facing the same issue. When browsing:

    https://univardev2.jdadelivers.com/jda/webworksws/SecurityServices?wsdl, it is redirecting to schemalocation: http://univardev2.jdadelivers.com:80/jda/webworksws/SecurityServices?wsdl

    Som tried creating a STREAM Profile setting the target as: @http://univardev2.jdadelivers.com:80@https://univardev2.jdadelivers.com@@

    Will that work without additonal Irule ?

    If incase I create an Irule, whether the below will work:

    when HTTP_REQUEST { tell server not to compress response HTTP::header remove Accept-Encoding

     disable STREAM for request flow
    STREAM::disable
    

    } when HTTP_RESPONSE { catch and replace redirect headers if { [HTTP::header exists Location] } { HTTP::header replace Location [string map {"http://univardev2.jdadelivers.com:80" "https://univardev2.jdadelivers.com"} [HTTP::header Location]] }

     only look at text data
    if { [HTTP::header Content-Type] contains "text" } {
    
         create a STREAM expression to replace any http:// with https://
        STREAM::expression {@http://univardev2.jdadelivers.com:80@https://univardev2.jdadelivers.com@}
    
         enable STREAM
        STREAM::enable
    }
    

    }

    Thanks and Regards PZ