Forum Discussion
Misty_Spillers
Sep 29, 2011Nimbostratus
Https on a http site with stylesheets
Sorry I have searched and there seems like many similar questions but I can't find the one that fixes my issue. I'm far from an expert so sorry if this is newbie but I'm out of time to fix the issue 😞
The basics
I have a vender application that was originally setup in our DMZ on port 80. Through regulations we needed to bring it up to ssl on the front end. Easy enough. (i don't know if you really want me to describe this part but many of our sites run 80 on the back end and are just fine)
Well the site uses stylesheets that I guess generates http links (so people get the message "do you wish to display non secure content etc") and since http not not allowed it doesn't work
This is where I was not sure how to fix so if there is a better solution please let me know.
Anyway I found http://devcentral.f5.com/wiki/iRules.STREAM__disable.ashx which seemed to be what I wanted to do.
I cut and pasted (most of it, I had to add quotes or else this iRule broke the LB on version 9.4.4)
when HTTP_REQUEST {
STREAM::disable
HTTP::header remove "Accept-Encoding"
}
when HTTP_RESPONSE {
if {[HTTP::header value Content-Type] contains "text"}{
STREAM::expression "@http://@https://@"
STREAM::enable
}
}
I put in the default stream profile as it prompted me.
and poof it worked. Only worked too well that external links on the site are now https as well. I really only need requests directed at the site itself forced to https and I guess I don't really understand the wiki about how to do only some of the links.
Can you direct me in the correct direction?
Thanks so much
- The_BhattmanNimbostratusHi Misty,
- Misty_SpillersNimbostratusThanks for the quick reply. I am so sorry but I may need it more spelled out than that. The first thing you link (http://devcentral.f5.com/Wiki/default.aspx/iRules/STREAM__expression) seems to bring me to a generic page. maybe if I have the examples there I could put something together.
- Michael_YatesNimbostratusHi Misty,
when HTTP_REQUEST { Disable the stream filter for all requests STREAM::disable } when HTTP_RESPONSE { Check if response type is text if {[HTTP::header value Content-Type] contains "text" } { Replace any http:// instance with https://, unless the original string is http://example.com STREAM::expression {@http:(?!//example\.com)@https://@} Enable the stream filter for this response only STREAM::enable } }
- Misty_SpillersNimbostratusHmmm that one just give me the whole "page can not be displayed"
- Misty_SpillersNimbostratus@@ ok this seems to work.
when HTTP_REQUEST { STREAM::disable } when HTTP_RESPONSE { if {[HTTP::header value Content-Type] contains "text"}{ STREAM::expression "&http://*?venderapp\.co\.county\.state\.us&&" STREAM::enable } } when STREAM_MATCHED { if {[STREAM::match] starts_with "venderapp"}{ STREAM::replace "[string map {http:// https://} [STREAM::match]]" log local0. "[IP::client_addr]:[TCP::local_port]: matched: [STREAM::match], replaced with: [string map {http:// https://} [STREAM::match]]" } }
- Michael_YatesNimbostratusI apologize for the delay. After you reported back that it did not work properly I tried it myself and could not get it to work either (I'm not giving up on it, but there is always more than one way to solve a problem).
when HTTP_REQUEST { Disable the stream filter for all requests STREAM::disable } when HTTP_RESPONSE { Check if response type is text if {[HTTP::header value Content-Type] contains "text" } { List the FQDN's that you do NOT want modified and the http:// that will cover everything else that you do. STREAM::expression {@http://example.com@@ @http://example2.com@@ @http://@@} Enable the stream filter for this response only STREAM::enable } } when STREAM_MATCHED { Take the matches from the STREAM::expression and handle them. if {[STREAM::match] contains "example.com" || [STREAM::match] contains "example2.com"} { log local0. "Stream Matched: [STREAM::match]" Return and do not alter them. return } else { STREAM::replace "[string map {http:// https://} [STREAM::match]]" Everything not handled with get http:// replaced with https:// log local0. "Stream Matched ELSE: [STREAM::match]" } }
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects