Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

MattB_MA_170307's avatar
MattB_MA_170307
Icon for Nimbostratus rankNimbostratus
Feb 10, 2016

HTTP to HTTPS stream correction

I have an application in Apache Tomcat that is hosted on an internal server on port 8080. Sitting in front of that is my BIP 2000 with a vserver performing SSL offload, also listening port 8080. In f...
application delivery
big-ip
devops
LTM
Artur_Zdolinsk1's avatar
Artur_Zdolinsk1
Historic F5 Account
May 08, 2018

This iRule can cause with some application problems with loading images like PNG which contains inside content data HTTP string. To prevent problems with missing images - you should ensure that on the beginning of HTTP_RESPONSE you first disable STREAM profile and then enable it only for text content-type. iRule should look like this:

Exemple:

when HTTP_REQUEST {
    STREAM::disable
    HTTP::header remove "Accept-Encoding"
}
when HTTP_RESPONSE {
    STREAM::disable
    if { [HTTP::header exists Location] } {
        HTTP::header replace Location [string map -nocase {"http://" "https://"}    [HTTP::header Location]]
    }
    if {[HTTP::header value Content-Type] contains "text"}{
        STREAM::expression {@http://@https://@}
        STREAM::enable
   }
}
}
  • Neil_66348's avatar
    Neil_66348
    Icon for Nimbostratus rankNimbostratus
    Dec 05, 2018

    "Artur Zdolinski" you are an absolute legend!!!

     

    I was missing the STREAM::disable statement beneath the HTTP_RESPONSE and thus many images on our site were not loader properly (missing content-length headers etc). Adding this statement instantly fixed it. Thank you so much for sharing this

     

    :)