Forum Discussion
jnantel
Nimbostratus
Nimbostratushttp to https with ExtJS lib derived content
To give you a quick summary of my setup:
I am using F5 Bigip LTM to terminate incoming https sessions and forwarding to the webservers with http. There are 2 webservers and they both work correctly and do not self address and all the links are properly converted to http based off the incoming connection. With one exception, a tree view that was created with javascript continues to show http:// links through the load balancer.
I should should see:
https://host/wiki/blahblah.php
Instead I see:
http://host/wiki/blahblah.php
Only links in this tree view behave this way.
Redirect rules do nothing. In my research I was told I may have to use a stream profile and basically rewrite http content on the fly.
My question, does anyone know of an easy way to solve this behavior or maybe correct it at the source?
Any input is welcome input. Thanks.
nitassEmployee
can you try something like this?
STREAM::expression wiki
http://devcentral.f5.com/wiki/iRules.stream__expression.ashx
e.g.[root@ve1023:Active] config b virtual bar list virtual bar { snat automap pool foo destination 172.28.19.79:80 ip protocol 6 rules myrule profiles { http {} stream {} tcp {} } } [root@ve1023:Active] config b pool foo list pool foo { members 200.200.200.101:80 {} } [root@ve1023:Active] config b rule myrule list rule myrule { when HTTP_REQUEST { STREAM::disable HTTP::header remove "Accept-Encoding" } when HTTP_RESPONSE { if {[HTTP::header value Content-Type] contains "text"}{ STREAM::expression {@http://host/wiki/blahblah.php@https://host/wiki/blahblah.php@} STREAM::enable } } } [root@ve1023:Active] config curl http://200.200.200.101/test.html ... this is host 101. ... http://host/wiki/blahblah.php ... [root@ve1023:Active] config curl http://172.28.19.79/test.html ... this is host 101. ... https://host/wiki/blahblah.php ...
jnantelDo you know what kind of performance hit streaming causes?
hooleylistCirrostratus
The stream filter and iRule should have fairly low overhead as LTM isn't having to buffer the full payloads to do the rewriting like it would if you used HTTP::collect/HTTP::payload to rewrite the response content. You could make the iRule even more efficient by further limiting when you enable the stream filter. If the http:// reference is only sent in response content for specific response content-types, you could make the 'if {[HTTP::header value Content-Type] contains "text"' check more exact like 'if {[HTTP::header value Content-Type] starts_with "text/javascript"'. Or if the http:// reference is only sent in replies to a specific URI, you could add a check in HTTP_REQUEST based on the requested URI and only enable the stream filter in HTTP_RESPONSE for that URI.
It would be most efficient to avoid using the iRule altogether by updating the application to either use https:// in absolute references or to use relative URIs (without the protocol and host name) if possible.
Aaron