Forum Discussion
Basic HTTP Stream Profile
Hi all,
I basicly try to use the stream profile to replace the http:// string of my server side response data with https:// and just changed my custom stream profile as below :
But though I simply click the http://192.168.50.111/ into my web browser, it just keeps load balancing and retrieves a pool member with a HTTP 200 OK code. Isn't it expected that it must show me https://192.168.50.111 instead of http?
In my research, it says if the web page returns 302, 303 or 307 status codes, we can see a Location Header which can show the replaced URL as https://blabla in the captured packets (collected with Wireshark) or sth else.
Is there any other configuration in F5 menu to apply the stream profile correctly? I want to only use the Stream Profile, not an iRule. However iRule didn't work either. I really don't know why. Here's the curl command result :
Thank you.
- Vitaliy_SavransNacreous
Hi,
the Stream profile allows you the ability to search for a string within a data stream and replace that string with another string. In your case it searchs in data stream "http:\http://192.168.50.111/" and replace to https://192.168.50.111, not doing redirect. If you want to redirect from http to https you can use simple, iRule:
when HTTP_REQUEST { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
- Noyan_137135Nimbostratus
Thank you for the reply. In fact I don't want to do a redirection, just trying to work with Stream Profile itself but I still can't get to observe how is the correct usage and its effects.
Well, if I write the source as just "http://" and the target is "https://" what will be effected and how can I test the output? Will there be a difference?
- Kevin_StewartEmployee
The STREAM profile doesn't really work well with URLs. It works on the data in both directions, so basically you're saying replace any http:// references with https:// on the way in (Host headers usually), and again replace any http:// references with https:// on the way out (Location headers and payload object references). So assuming you only want to replace content in one direction, you necessarily need to do STREAM in an iRule. Apply an empty STREAM profile to the VIP and an iRule like this:
when HTTP_REQUEST { tell server not to compress response HTTP::header remove Accept-Encoding disable STREAM for request flow STREAM::disable } when HTTP_RESPONSE { catch and replace redirect headers if { [HTTP::header exists Location] } { HTTP::header replace Location [string map {"http://" "https://"} [HTTP::header Location]] } only look at text data if { [HTTP::header Content-Type] contains "text" } { create a STREAM expression to replace any http:// with https:// STREAM::expression {@http://@https://@} enable STREAM STREAM::enable } }
This will only replace http:// with https:// on the way out (to the client). Presumably you have this applied to a port 443 VIP that is offloading SSL.
- Parveez_70209Nimbostratus
Hi Kevin,
Reviewing this old doc, I am also facing the same issue. When browsing:
https://univardev2.jdadelivers.com/jda/webworksws/SecurityServices?wsdl, it is redirecting to schemalocation: http://univardev2.jdadelivers.com:80/jda/webworksws/SecurityServices?wsdl
Som tried creating a STREAM Profile setting the target as: @http://univardev2.jdadelivers.com:80@https://univardev2.jdadelivers.com@@
Will that work without additonal Irule ?
If incase I create an Irule, whether the below will work:
when HTTP_REQUEST { tell server not to compress response HTTP::header remove Accept-Encoding
disable STREAM for request flow STREAM::disable
} when HTTP_RESPONSE { catch and replace redirect headers if { [HTTP::header exists Location] } { HTTP::header replace Location [string map {"http://univardev2.jdadelivers.com:80" "https://univardev2.jdadelivers.com"} [HTTP::header Location]] }
only look at text data if { [HTTP::header Content-Type] contains "text" } { create a STREAM expression to replace any http:// with https:// STREAM::expression {@http://univardev2.jdadelivers.com:80@https://univardev2.jdadelivers.com@} enable STREAM STREAM::enable }
}
Thanks and Regards PZ
- paredes_hNimbostratus
@Kevin Stewart thank you!!! It worked for me.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com