For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

AhmadJ's avatar
AhmadJ
Icon for Altocumulus rankAltocumulus
Jun 03, 2023
Solved

exclude HTTP::header value Content-Type] equals "text/xml; charset=utf-8" from SSL redirect

Hi

we are trying to exclude from force https irule the below

content typeHTTP::header value Content-Type] equals "text/xml; charset=utf-8"

 also we are using stream profile because we applied irule for mixed contents

is there any way to exclude the above content type from force ssl

application delivery
  • Paulius's avatar
    Paulius
    Jun 04, 2023

    AhmadJ I believe the following iRule should fix what you are referring to. I recommend testing this before putting into production or performing the change in off hours in order to minimize possible downtime if by chance the change is incorrect.

    when HTTP_REQUEST priority 500 {

    STREAM::disable

}

when HTTP_RESPONSE priority 500 {

    if { ([HTTP::header Content-Type] contains "text/html") && !([HTTP::header Content-Type] == "text/xml; charset=utf-8") } {
        STREAM::expression {@http://@https://@}
        STREAM::enable
    } elseif { ([HTTP::header Content-Type] contains "png") || ([HTTP::header Content-Type] contains "jpeg") || ([HTTP::header Content-Type] contains "application/x-font-woff") || ([HTTP::header Content-Type] contains "pdf") || ([HTTP::header Content-Type] contains "svg") || ([HTTP::header Content-Type] contains "image/svg+xml")} {
        STREAM::disable
    }

}

4 Replies

  • Paulius's avatar
    Paulius
    Icon for MVP rankMVP
    Jun 04, 2023

    AhmadJ Would you be able to provide the existing iRule configuration? Are you doing the force SSL on the F5 side or server side?

    • AhmadJ's avatar
      AhmadJ
      Icon for Altocumulus rankAltocumulus
      Jun 04, 2023

      pauljthis is the irule whicg we use

      when HTTP_REQUEST {
      STREAM::disable
      }
      when HTTP_RESPONSE {
      if { [HTTP::header Content-Type] contains "text/html" } {
      STREAM::expression {@http://@https://@}
      STREAM::enable
      }
      elseif { ([HTTP::header Content-Type] contains "png") or ([HTTP::header Content-Type] contains "jpeg") or ([HTTP::header Content-Type] contains "application/x-font-woff") or ([HTTP::header Content-Type] contains "pdf") or ([HTTP::header Content-Type] contains "svg") or ([HTTP::header Content-Type] contains "image/svg+xml")} {
      STREAM::disable
      }
      }

      fforce SSL hapening on F5

      • Paulius's avatar
        Paulius
        Icon for MVP rankMVP
        Jun 04, 2023

        AhmadJ I believe the following iRule should fix what you are referring to. I recommend testing this before putting into production or performing the change in off hours in order to minimize possible downtime if by chance the change is incorrect.

        when HTTP_REQUEST priority 500 {

    STREAM::disable

}

when HTTP_RESPONSE priority 500 {

    if { ([HTTP::header Content-Type] contains "text/html") && !([HTTP::header Content-Type] == "text/xml; charset=utf-8") } {
        STREAM::expression {@http://@https://@}
        STREAM::enable
    } elseif { ([HTTP::header Content-Type] contains "png") || ([HTTP::header Content-Type] contains "jpeg") || ([HTTP::header Content-Type] contains "application/x-font-woff") || ([HTTP::header Content-Type] contains "pdf") || ([HTTP::header Content-Type] contains "svg") || ([HTTP::header Content-Type] contains "image/svg+xml")} {
        STREAM::disable
    }

}