Forum Discussion

hector_40668's avatar
hector_40668
Icon for Nimbostratus rankNimbostratus
Dec 17, 2010

F5 replace string from "http" to "https" in jar files

Hi,

 

 

I am very new to F5 and I hope you guys here can help me out on this.

 

Recently we encounter some problems with files that are going thru the F5. It seems like when the client downloads jars files thru the F5, the contents of the jars files seems to replace.

 

 

For example: original hector.jar files contains multiple files with the string "http://example.com", when the client download this hector.jar files and view it on their local machine, "http://example.com" will be replace with "https://example.com".

 

 

I am really very puzzled as in how come the contents of the jar files will be changed. Is there a settings in the F5 console to stop it from doing so?

 

 

Rgds

 

Hector

5 Replies

  • Hi Hector,

     

     

    By default LTM won't modify the response HTTP headers or payload. You could potentially enable this response content rewriting with a stream profile and/or iRule. But that wouldn't be enabled by default. If you test directly to the server(s), do you see http:// or https:// links? Can you post an anonymized copy of the virtual server definition using 'b virtual VS_NAME list'?

     

     

    Aaron
  • Hi Aaron,

     

     

    Downloading direct from the server does not changes anything and I could still see http:// links in my jar files.

     

     

    The config is as follows:

     

     

    virtual virtual_server_weblogic_https {

     

    snat automap

     

    pool pool_UAT_7002

     

    destination 192.xxx.xx.xx:https

     

    ip protocol tcp

     

    rules app_uat

     

    profiles

     

    CA_SSL

     

    WebLogic_Stream

     

    Weblogic_HTTPS

     

    tcp

     

    persist app_cookies

     

    }

     

     

    Thanks for looking into this.

     

     

    Rgds

     

    Hector
  • As Chris suggested, it's quite likely that the stream profile would be the reason for the change in the application content. You can use an iRule to selectively enable the content rewriting for the stream profile:

     

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/stream__expression

     

     

    Aaron
  • Yes, the stream profile configuration of a source of http:// and a target of https:// dictates that LTM will replace http:// with https:// in all request and response payloads. To avoid this issue, you can selectively enable the stream filter using STREAM::enable/disable in an iRule. The STREAM::expression wiki page has some examples. A safe bet would be to restrict the rewriting to responses only with a response content-type of text:

    http://devcentral.f5.com/wiki/default.aspx/iRules/stream__expression

    
    when HTTP_REQUEST {
        Disable the stream filter for all requests
       STREAM::disable
    }
    when HTTP_RESPONSE {
    
        Check if response type is text
       if {[HTTP::header value Content-Type] contains "text"}{
    
           Replace http:// with https://
          STREAM::expression "@http://@https://@"
    
           Enable the stream filter for this response only
          STREAM::enable
       }
    }
    

    Aaron