Forum Discussion

fyi's avatar
fyi
Icon for Nimbostratus rankNimbostratus
Jul 22, 2024

How exclusion url path file to without https

Hi ,

i want to exclusion my url path without https using irule, 

for example all trafic to : https://myweb.com and 

if access to this url without https to http://myweb.com/dev/data/

 

my existing irule config 

when HTTP_REQUEST {
   # Disable the stream filter for all requests
   STREAM::disable
   # LTM does not uncompress response content, so if the server has compression enabled
   # and it cannot be disabled on the server, we can prevent the server from
   # sending a compressed response by removing the compression offerings from the client
   HTTP::header remove "Accept-Encoding"
}
when HTTP_RESPONSE {
   # Check if response type is text
      if {[HTTP::header value Content-Type] contains "text" or [HTTP::header value Content-Type] contains "json"}{
      # Replace http:// with https://
      STREAM::expression {@http://@https://@}
      # Enable the stream filter for this response only
      STREAM::enable
      }
}
when STREAM_MATCHED {
    #log local0. "Matched: [STREAM::match]"
}

 

thanks for help

application delivery
devops

1 Reply

Sort By
  • CA_Valli's avatar
    CA_Valli
    Icon for MVP rankMVP
    Jul 23, 2024

    Hi, I'm not sure if I understood your request correctly. As far as I can tell, you're trying to disable SSL (HTTPS) when client tries to access specific file paths, because web server requires non-secure connection, correct? 

    I think that it's safer in this case to keep the connection between client and F5 secure, and perform SSL termination for these specific files only between F5 and your internal server farm. 

    An iRule like this might be what you're looking for

    when HTTP_REQUEST {
  if { [HTTP::header Content-Type] contains "text" || [HTTP::header Content-Type] contains "json" }{ 
#    HTTP::path "/dev/data/"  #This string rewrites HTTP path before sending data, I'm not sure if this is required  
    pool http_pool    #I'd recommend configuring an HTTP pool that connects to your WS to port 80 (or custom port, if that's your setup) 
  }
}
when SERVER_CONNECT {
  if { [LB::server port] == 80 }{ SSL::disable }
}