http to https VIP

Odd. The server should never see the client's IP address when using SNAT.

Do you have address and port translation enabled on the virtual server?

false alarm. I mistakenly thought that I saw the actual IP of the web server, but it's really not, so the SNAT Pool: Auto Map is doing it job correctly.

Okay, so in the client capture, did you still see any redirects coming back specifying HTTPS? Just trying to determine what if any progress has been made so far.

I had to remove the IPs, but I am seeing the same exact behavior, where the client is getting redirected to https, and it's trying ot connect to the VIP on 443, which of couse does not work.

Break out that 200 OK message. What's inside of it?

I was looking at that packet when you responded.

Maybe the if{} statement is the problem. Try changing the iRule to this:

when HTTP_REQUEST {

    Save the requested host value
   set host [string tolower [HTTP::host]]


    Disable the stream filter by default
   STREAM::disable
}
when HTTP_RESPONSE {

    Check if response type is text and host isn't null
   if {[HTTP::header value Content-Type] contains "text" and $host ne ""}{

       Replace http://$host with https://$host
      STREAM::expression "@https://$host@http://$host@"

       Enable the stream filter for this response only
      STREAM::enable

}
}

the client still getting https as part of the redirection. I think it's int the payload and it's not a response that the iRule is handling.

The stream profile should still catch it.

Can you please post your virtual server configuration from tmsh?