Forum Discussion

hector_40668's avatar
hector_40668
Icon for Nimbostratus rankNimbostratus
Dec 17, 2010

F5 replace string from "http" to "https" in jar files

Hi,

 

 

I am very new to F5 and I hope you guys here can help me out on this.

 

Recently we encounter some problems with files that are going thru the F5. It seems like when the client downloads jars files thru the F5, the contents of the jars files seems to replace.

 

 

For example: original hector.jar files contains multiple files with the string "http://example.com", when the client download this hector.jar files and view it on their local machine, "http://example.com" will be replace with "https://example.com".

 

 

I am really very puzzled as in how come the contents of the jar files will be changed. Is there a settings in the F5 console to stop it from doing so?

 

 

Rgds

 

Hector
application delivery
dev
devops
iRules
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Dec 17, 2010
    Hi Hector,

     

     

    By default LTM won't modify the response HTTP headers or payload. You could potentially enable this response content rewriting with a stream profile and/or iRule. But that wouldn't be enabled by default. If you test directly to the server(s), do you see http:// or https:// links? Can you post an anonymized copy of the virtual server definition using 'b virtual VS_NAME list'?

     

     

    Aaron
  • hector_40668's avatar
    hector_40668
    Icon for Nimbostratus rankNimbostratus
    Dec 19, 2010
    Hi Aaron,

     

     

    Downloading direct from the server does not changes anything and I could still see http:// links in my jar files.

     

     

    The config is as follows:

     

     

    virtual virtual_server_weblogic_https {

     

    snat automap

     

    pool pool_UAT_7002

     

    destination 192.xxx.xx.xx:https

     

    ip protocol tcp

     

    rules app_uat

     

    profiles

     

    CA_SSL

     

    WebLogic_Stream

     

    Weblogic_HTTPS

     

    tcp

     

    persist app_cookies

     

    }

     

     

    Thanks for looking into this.

     

     

    Rgds

     

    Hector
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Dec 20, 2010
    As Chris suggested, it's quite likely that the stream profile would be the reason for the change in the application content. You can use an iRule to selectively enable the content rewriting for the stream profile:

     

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/stream__expression

     

     

    Aaron
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Dec 22, 2010
    Yes, the stream profile configuration of a source of http:// and a target of https:// dictates that LTM will replace http:// with https:// in all request and response payloads. To avoid this issue, you can selectively enable the stream filter using STREAM::enable/disable in an iRule. The STREAM::expression wiki page has some examples. A safe bet would be to restrict the rewriting to responses only with a response content-type of text:

    http://devcentral.f5.com/wiki/default.aspx/iRules/stream__expression 

    
when HTTP_REQUEST {
    Disable the stream filter for all requests
   STREAM::disable
}
when HTTP_RESPONSE {

    Check if response type is text
   if {[HTTP::header value Content-Type] contains "text"}{

       Replace http:// with https://
      STREAM::expression "@http://@https://@"

       Enable the stream filter for this response only
      STREAM::enable
   }
}

    Aaron