Basic HTTP Stream Profile

Question

Hi all,&nbsp;
I basicly try to use the stream profile to replace the http:// string of my server side response data with https:// and just changed my custom stream profile as below :&nbsp;
&nbsp;
But though I simply click the http://192.168.50.111/ into my web browser, it just keeps load balancing and retrieves a pool member with a HTTP 200 OK code. Isn't it expected that it must show me https://192.168.50.111 instead of http?&nbsp;
In my research, it says if the web page returns 302, 303 or 307 status codes, we can see a Location Header which can show the replaced URL as https://blabla in the captured packets (collected with Wireshark) or sth else. &nbsp;
Is there any other configuration in F5 menu to apply the stream profile correctly? I want to only use the Stream Profile, not an iRule. However iRule didn't work either. I really don't know why. Here's the curl command result :&nbsp;
&nbsp;
Thank you.&nbsp;

vitaliy_savrans · Answer

Hi,
the Stream profile allows you the ability to search for a string within a data stream and replace that string with another string. In your case it searchs in data stream "http:\http://192.168.50.111/" and replace to https://192.168.50.111, not doing redirect.
If you want to redirect from http to https you can use simple, iRule:
when HTTP_REQUEST {
   HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]

noyan_137135 · Answer

Thank you for the reply.
In fact I don't want to do a redirection, just trying to work with Stream Profile itself but I still can't get to observe how is the correct usage and its effects. &nbsp;
Well, if I write the source as just "http://" and the target is "https://" what will be effected and how can I test the output? Will there be a difference?&nbsp;

kevin_stewart · Answer

The STREAM profile doesn't really work well with URLs. It works on the data in both directions, so basically you're saying replace any http:// references with https:// on the way in (Host headers usually), and again replace any http:// references with https:// on the way out (Location headers and payload object references). So assuming you only want to replace content in one direction, you necessarily need to do STREAM in an iRule. Apply an empty STREAM profile to the VIP and an iRule like this:
when HTTP_REQUEST {
     tell server not to compress response
    HTTP::header remove Accept-Encoding

disable STREAM for request flow
    STREAM::disable
}
when HTTP_RESPONSE {
     catch and replace redirect headers
    if { [HTTP::header exists Location] } {
        HTTP::header replace Location [string map {"http://" "https://"} [HTTP::header Location]]
    }

only look at text data
    if { [HTTP::header Content-Type] contains "text" } {

create a STREAM expression to replace any http:// with https://
        STREAM::expression {@http://@https://@}

enable STREAM
        STREAM::enable
    }
}

This will only replace http:// with https:// on the way out (to the client). Presumably you have this applied to a port 443 VIP that is offloading SSL.

parveez_70209 · Answer

Hi Kevin,
Reviewing this old doc, I am also facing the same issue.
When browsing: 
https://univardev2.jdadelivers.com/jda/webworksws/SecurityServices?wsdl, it is redirecting to schemalocation: http://univardev2.jdadelivers.com:80/jda/webworksws/SecurityServices?wsdl
Som tried creating a STREAM Profile setting the target as: @http://univardev2.jdadelivers.com:80@https://univardev2.jdadelivers.com@@
Will that work without additonal Irule ?
If incase I create an Irule, whether the below will work:
when HTTP_REQUEST {
     tell server not to compress response
    HTTP::header remove Accept-Encoding
 disable STREAM for request flow
STREAM::disable

}
when HTTP_RESPONSE {
     catch and replace redirect headers
    if { [HTTP::header exists Location] } {
        HTTP::header replace Location [string map {"http://univardev2.jdadelivers.com:80" "https://univardev2.jdadelivers.com"} [HTTP::header Location]]
    }
 only look at text data
if { [HTTP::header Content-Type] contains "text" } {

create a STREAM expression to replace any http:// with https://
    STREAM::expression {@http://univardev2.jdadelivers.com:80@https://univardev2.jdadelivers.com@}

enable STREAM
    STREAM::enable
}

}
Thanks and Regards
PZ

paredes_h · Answer

@Kevin Stewart thank you!!! It worked for me.

Forum Discussion

Basic HTTP Stream Profile

5 Replies

Recent Discussions

ASM Policy in "Blocking" Mode switch to "Transparent" for some IP's

F5 WAF/ASM block users that trigger too many violations by source ip/device id using the correlation logs

redirect not working

When F5OS r2800 appliance reboots, interfaces configured at tenant level for VLAN are lost

HIRE ADRIAN LAMO HACKER TO RECLAIM LOST CRYPTOCURRENCY

Related Content

Help with Local Traffic Policy with streaming app. and basic understanding.

Implementing basic OAuth with F5 BIG-IP APM

What is HTTP Part V - HTTP Profile Basic Settings

Setting up F5 Telemetry Streaming with Splunk Cloud

Troubleshooting BIG-IP - The Basics