For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Shay_Ben-David1's avatar
Shay_Ben-David1
Icon for Nimbostratus rankNimbostratus
Feb 05, 2008

http secure and nonsecure items on page

Hi everyone, i have two VS's on the bigip one for HTTP and another for HTTPS (same domain), i have an irule on the HTTP VS to redirect all to the HTTPS VS, problem is that my pages contains both secur...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Mar 04, 2008
Hi,

Do you see any matches logged with the existing rule? Can you add logging to the rule to see if it's triggering when you expect it to?

If you modified the STREAM::expression can you post your exact expression?

Here is an example for added logging:


when HTTP_REQUEST
    Added this event just to save the host/URI
   set url [HTTP::host][HTTP::uri]
}
when HTTP_RESPONSE {
   log local0. "Received response for $url"
    Need to explicitly disable the stream profile by default so it doesn't stay 
      enabled for subsequent HTTP requests on the same TCP connection.
   STREAM::disable
    Apply stream profile against text responses from the application
   if { [HTTP::header value Content-Type] contains "text" }{
      log local0. "Enabled stream filter for $url, with content-type: [HTTP::header value Content-Type]"
       Look for http:// and replace it with https://
      STREAM::expression {@http://@https://@}
       Enable the stream profile
      STREAM::enable
   }
}
 This section is optional and only needs to be included if you want to log matches.  It should be removed before using the rule in production.
when STREAM_MATCHED {
   log local0. "Matched: [STREAM::match]"
}

Aaron