Forum Discussion
Gerardo_Garcia_
Jul 09, 2008 | Nimbostratus
Excluding some urls for the STREAM conversion
I have the following iRule that converts http to https for external users only as defined on the internal_net.
However, when the page contains calls to google.com, amazon.com, ebay.com i...
hooleylist
Jul 25, 2008 | Cirrostratus
That's interesting... It looks like the ? in the regex might not be performing a lazy match on the string being searched.
In a quick test, the ? works for regexp to restrict the match to the shortest possible string:
```tcl
when RULE_INIT {
    log local0. "[regexp -inline {test.*?example\.com} {test1.example.com text text test2.example.com}]"
}
```
Log output:
Rule : test1.example.com
Likewise, using the last rule I posted worked for a test below:
```tcl
when HTTP_RESPONSE {
    # Disable the stream filter by default
    STREAM::disable
    # Check if response type is text
    if {[HTTP::header value Content-Type] contains "text"} {
        log local0. "[IP::client_addr]:[TCP::client_port]: Setting stream expression, enabling filter"
        # Replace any http:// instance with https:// only if the original string is http://*example.com:
        STREAM::expression {@http://.*?example\.com@@}
        # Enable the stream filter for this response only
        STREAM::enable
    }
}
when STREAM_MATCHED {
    log local0. "[IP::client_addr]:[TCP::local_port]: matched: [STREAM::match], replaced with: [string map {http:// HTTPS://} [STREAM::match]]"
    STREAM::replace "[string map {http:// HTTPS://} [STREAM::match]]"
}
```
Here is the log output for a request which was rewritten:
: 10.1.1.1:4683: matched: http://test.example.com, replaced with: HTTPS://test.example.com
: 10.1.1.1:4683: matched: http://example.com, replaced with: HTTPS://example.com
And here is the updated response content:
HTTPS://test.example.com
HTTPS://example.com
https://example.com
http://nochange.com
To compare, this is a request direct to the server:
http://test.example.com
http://example.com
https://example.com
http://nochange.com
I'm not sure why the rule isn't working when you're testing against your application. I would suggest opening a case with F5 Support referencing this post, as the example is working on a simple test in 9.4.4 and should work for your scenario.
On your second point, if you need to only match some subdomains but not all, you could either modify the regex in the stream expression, or add logic to the STREAM_MATCHED event. For the second option, you can check if the matched string is in a list or datagroup of subdomains to not rewrite. In that case, just don't call STREAM::replace.
Aaron
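The second option from the post above (deciding in STREAM_MATCHED which subdomains to leave alone), as an added example that is not part of the original thread. The list name `::no_rewrite_hosts` and its entries are hypothetical. The expression here is narrowed to hostname characters, a change from the post's `.*?`: a lazy quantifier only shortens the end of a match, so a match could otherwise begin at an unrelated http:// link earlier in the response and run forward to a later example.com.

```tcl
when RULE_INIT {
    # Hypothetical exclusion list (constructed for this example): hosts
    # whose links must stay http://. A global variable is used to suit
    # the 9.4.x release named in the post.
    set ::no_rewrite_hosts [list "static.example.com" "legacy.example.com"]
}
when HTTP_RESPONSE {
    # Filter text responses only
    STREAM::disable
    if {[HTTP::header value Content-Type] contains "text"} {
        # Allow only hostname characters between http:// and example.com,
        # so each match is a single link to an example.com host
        STREAM::expression {@http://[A-Za-z0-9.-]*example\.com@@}
        STREAM::enable
    }
}
when STREAM_MATCHED {
    # The match is "http://" followed by the host: drop the first 7 characters
    set host [string tolower [string range [STREAM::match] 7 end]]
    if {[lsearch -exact $::no_rewrite_hosts $host] >= 0} {
        # Excluded host. The post's suggestion is to skip STREAM::replace
        # here; this variant writes the match back unchanged instead.
        log local0. "[IP::client_addr]:[TCP::client_port]: left as-is: [STREAM::match]"
        STREAM::replace [STREAM::match]
    } else {
        # Every other example.com host: rewrite the scheme
        STREAM::replace [string map {http:// https://} [STREAM::match]]
    }
}
```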