Forum Discussion
FSC-IT_27241
Nimbostratus
Nimbostratusdazed and confused irule newbie http to https
I have a site that I am using the profile to rewrite all to map http to https. The trouble is any url redirects the site has to other sites it is also putting those to https which may or may not be supported by the native site.
Is there a way to only rewrite things that contain the mydomain.com?
hoolioCirrostratus
Here is an example:when HTTP_REQUEST { Check if requested domain is mydomain.com if {[string tolower [HTTP::host]] eq mydomain.com}{ Redirect client to https HTTP::redirect https://mydomain.com[HTTP::uri] } }
Aaron- You can also use a similar rule to trigger re-writes from the server to the client:
when HTTP_RESPONSE { Check if requested domain is mydomain.com if {[string tolower [HTTP::host]] eq mydomain.com}{ Redirect client to https STREAM::expression "@http@https@" STREAM::enable } }
HTH,
Colin 
FSC-IT_27241Thanks for the quick responses. Let me explain this a different way. The application we have behind the F5 will occasionally redirect to an external site. If I have the HTTP profile rewrite set to all the application will work fine on the mydomain.com. But any redirects it will put https://externaldomain.com.
If I set the rewrite http profile setting to matching, some redirections within the application to mydomain.com will prompt the user with the message "you are about to be redirected to a connection that is not secure..." But external redirects are working fine (i.e. http://externaldomain.com)
Since I cannot change the application, I am trying to either stop the message from appearing by ensuring https (which I have done via an irule) or I need to rewrite the protocol for any instance that does not include mydomain.com. Unfortunately that is where I am still struggling.
Thoughts? for what is worth I am running BIG-IP 9.2.5 Build 5.1- hoolioIs the insecure content warning happening because the application is sending a redirect to an http URL hosted on the VIP? Or does the page content contains absolute references to http content (http://example.com/file.jpg for example)? If it's the former, you can rewrite the redirect if it contains your domain using a rule like this:
when HTTP_REQUEST { Save the requested host header value for reference in the response set host [HTTP::host] } when HTTP_RESPONSE { Check if this is a redirect (30x response status) if {[HTTP::is_redirect]}{ Replace the http://host with https://host in the Location header HTTP::header replace Location [string map -nocase "http://$host" "https://$host" [HTTP::header value Location]] } }
This assumes that you only want to rewrite the Location value from http to https if the host in the redirect Location header is what the client requested.
If the page content contains absolute references to http://, you can use a blank stream profile and an iRule to replace http with https in the response content. Check the STREAM::expression wiki page (Click here) for an example.
Aaron - FSC-IT_27241Just FYI: This is what I went with, sorry for not sharing this sooner. Thanks for all your help.
when HTTP_RESPONSE {
Check if this is a redirect (30x response status)
if {[HTTP::is_redirect]}{
if {[HTTP::header value Location] contains ".mydomain.com"}{
HTTP::header replace Location [string map -nocase {"http://" "https://"} [HTTP::header value Location]]
}
}
}
