Forum Discussion
Gerardo_Garcia_
Nimbostratus
NimbostratusConvert refrences inside the page to https
I need to convert the text that we are going to send back to the external users to be HTTPS for internal users I want http
My understanding is that we will need to change the payload to do that.
Can you provide me an iRule to do something like that or mybe a guideline?
9 Replies
hoolioCirrostratus
Gerardo_Garcia_I've implemented the option with STREAM and now my content is missing some code at the end of the page- Gerardo_Garcia_I forgot to post the code
I'm using this
http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&view=topic&postid=1871318767
With a little change
when HTTP_RESPONSE {
if { not ([matchclass [IP::client_addr] equals $::internal_net])}{
set content_length 1000000
HTTP::collect $content_length
Enable debug logging to /var/log/ltm? 1=yes, 0=no
set debug 1
If the response content type is text, configure the default stream profile to replace http:// with https://
if {[string tolower [HTTP::header value Content-Type]] contains "text"}{
STREAM::expression @http://@https://@
STREAM::enable
}
Check if the response is a redirect (3xx)
if {[HTTP::is_redirect]}{
if {$debug}{log local0. "Original Location: [HTTP::header value Location], Updated Location: [string map {http: https:} [HTTP::header value Location]]"}
Use 'string map' to replace http: with https:
HTTP::header replace Location [string map {http: https:} [HTTP::header value Location]]
}
}
} - Arie
Altostratus
The STREAM is limited to examining about 5kB, I believe. - Gerardo_Garcia_No, I'm getting more than 5 KB, the issues seems to be with the Content-Length
The difference between the SSL pages and the non-SSL page is the number of charcters added by the iRule.
I'm getting the page from the IIS server, then we do the conversion, after the conversion we have some extra characters due to https instead of the http
At the end of the file we are missing some characters.
If you check the code posted you can see that I'm increasing the Content Length to 1000000 but I still received the SSL content cut off.
set content_length 1000000
HTTP::collect $content_length
Any ideas? - hoolioWhat version of LTM are you running? It sounds like the content length header value isn't being updated. Can you try changing the HTTP profile option for chunking to rechunk and retest? This is described in SOL (Click here). I thought it was fixed in 9.4, but the solution has been changed to indicate it affects all current versions...
tammelaj, I think the 5k limit you're referring to is how many bytes bigd will parse in monitor response bodies (Click here).
Aaron - Gerardo_Garcia_This is the version that we have installed
BIG-IP 9.2.4 Build 13.1 - hoolioIf you set the HTTP profile option for chunking to rechunk, it should fix the problem. You may want to create a new HTTP profile only for use with this VIP with the chunking option customized.
Aaron - Gerardo_Garcia_It worked!!
What kind of overload are we paying for the rechunking?
Thanks Aaron!
