http secure and nonsecure items on page

You can do this with the rewrite redirects option on the HTTP profile for your HTTPS virtual server. Check SOL6912 (Click here) for details.

 

 

Aaron

i have 9.3, i belive the feature you were mentioned is for 9.4.3 ?

 

thanks

 

I'm pretty sure the option has been around since the inception of 9.x. It's definitely available in 9.3.

 

 

Aaron

yes you are correct, the http rewrite is in the profile, but still it did'nt help, i am still getting the secure and nnsecure iteam message on the browser.

 

thanks

 

Hi Aaron,

 

 

We tried using your script but it didn't work. We are using BigIP as an SSL decoder in front of our LifeRay portal running on Tomcat on port 8080. A new HTTP profile was added to the VS and we also set Chunking to Rechunk (we are using v9.2.3). The URLs within Java portlets still appear as http:// instead of https://.

 

 

Is there something else that we can or should do?

 

 

Thanks

Hi,

Do you see any matches logged with the existing rule? Can you add logging to the rule to see if it's triggering when you expect it to?

If you modified the STREAM::expression can you post your exact expression?

Here is an example for added logging:

when HTTP_REQUEST
    Added this event just to save the host/URI
   set url [HTTP::host][HTTP::uri]
}
when HTTP_RESPONSE {
   log local0. "Received response for $url"
    Need to explicitly disable the stream profile by default so it doesn't stay 
      enabled for subsequent HTTP requests on the same TCP connection.
   STREAM::disable
    Apply stream profile against text responses from the application
   if { [HTTP::header value Content-Type] contains "text" }{
      log local0. "Enabled stream filter for $url, with content-type: [HTTP::header value Content-Type]"
       Look for http:// and replace it with https://
      STREAM::expression {@http://@https://@}
       Enable the stream profile
      STREAM::enable
   }
}
 This section is optional and only needs to be included if you want to log matches.  It should be removed before using the rule in production.
when STREAM_MATCHED {
   log local0. "Matched: [STREAM::match]"
}

Aaron

No, we didn't include the logging since it was optional. But we'll add the logging over the weekend and see what we get. I suspect that we may have configured the VS or profile incorrectly. For example, do we need to enable "Redirect rewrite" and set it to "All"? Do we need to create a new stream profile and insert @http://@https://@ the target field?

 

 

Thanks

You should use an existing blank stream profile with this rule. The STREAM::expression and STREAM::enable/disable commands configure the stream filter correctly based in the correct context (only on responses and only if the response content type is text. To avoid inadvertent matches and unnecessary application of the stream profile I don't think you should ever use the stream profile as is without a rule.

 

 

The stream profile rewrites content--not headers. So if the app is sending redirects, it would be a good idea to enable rewriting of redirects on a custom HTTP profile for the virtual server.

 

 

Aaron

For me it did work, what Aaron wrote is perfectly correct, the STREAM filter works perfect with text content type and only on the response, i also agree regarding the use of stream profile only with irule, usage of stream can decrease the performance of your web, one thing we notice that even with the irule and filter of the stream we still can see decrease in the performance but it is very minor.

 

Shay

Switched on the logging and found that the links were embedded in Javascripts, e.g.

tmm[32025]        Rule test4 HTTP_RESPONSE: Enabled stream filter for 172.11.11.12/html/js/liferay/navigation.js, with content-type: text/javascriptcharset=UTF-8
tmm[32025]        Rule test4 HTTP_RESPONSE: Enabled stream filter for 172.11.11.12/html/js/liferay/tags_selector.js, with content-type: text/javascriptcharset=UTF-8

Looks like we'll have to modify the .js files (sigh!).

Thanks for your help.

Adrian