Forum Discussion

willetzktysthk_'s avatar
Icon for Nimbostratus rankNimbostratus
Sep 13, 2017

HTTPs rewrite



We have 2 apache web servers configured for http only. We have put our f5 big loadbalancer in front doing ssl with the standard redirect irule on a second VS. These 2 rules work fine apart from the java scripts are blocked as it is being serverd over http. how do i setup rule to rewrite the response to https?




8 Replies

  • While you can fix this with an iRule, I would suggest that you don't when the LTM has the ability baked in. Try updating your applied HTTP Profile.


    Login to the Management Console, navigate to your HTTP Profile and then go to the upper left and select the "Help" Tab. It will display a description of each HTTP Profile Option and explain what each option does.


    Look for "Redirect Rewrite". The "Matching" option should resolve your issue.


    Matching: Specifies that the system rewrites the URI in any HTTP redirect responses that match the request URI.


  • Thanks for the reponce but this does not seem to work..


    HTTP vs has the default https redircet rule


    when HTTP_REQUEST { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] }


    And i applied the http profile with rewrite set to match on both VSs but i still get the requests for javascript on http


  • You could try a STREAM expression, something similar to this, (Note replace the "java with the real content-type that your request has for content-type, and you will also need a streams profile attached to your vs)

    when HTTP_RESPONSE {
        if { [HTTP::header value Content-Type] contains "Java"} {
        STREAM::expresion @http://@https://@
  • Thanks for the response

    I added the deafult stream profile and created the follwoing irule for the HTPS vs

    when HTTP_REQUEST { tell server not to compress response HTTP::header remove Accept-Encoding

     disable STREAM for request flow

    } when HTTP_RESPONSE { catch and replace redirect headers if { [HTTP::header exists Location] } { HTTP::header replace Location [string map {"; ";} [HTTP::header Location]] }

     only look at text data
    if { [HTTP::header Content-Type] contains "text" } {
         create a STREAM expression to replace any http:// with https://
        STREAM::expression [list {@http://@https://@} {@:80@:443@}]
         enable STREAM


    this has fixed the http https issuses but now it has broken the authentication. It is using apache ntlm and i am just getting 401 and 403 errors getting when the java asks for any xhr content

  • Run a developer trace in your client app browser, or packet capture to see if the java piece is adding in the challenge/response to the 401 auth request.


  • Sorry to hear that it did not work for you. Another option is to add the following on your HTTPS Virtual Server:

    when HTTP_RESPONSE {
         if { [URI::protocol [HTTP::header "Location" ]] eq "http" } {
         set path [findstr [HTTP::header "Location" "//" 2]
         HTTP::header replace "Location" "https://$path"
  • Hi

    with this irule the mixed content error is back again. it is not rewriting the xhr requests again.


    The apache server has the following config

            RewriteEngine On
            RewriteCond %{SERVER_NAME} ^(.*)$
            RewriteRule ^(.*)$ - [E=SERVER_NAME:%1,NS]
            RewriteCond %{SERVER_PORT} ^(.*)$ 
            RewriteRule ^(.*)$ - [E=SERVER_PORT:%1,NS] 
            RequestHeader setifempty X-Remote-Address "%{SERVER_NAME}e:%{SERVER_PORT}e"
            RewriteCond %{LA-U:REMOTE_USER} ^(.*)$
            RewriteRule ^(.*)$ - [E=RU:%1,NS]
            RequestHeader setifempty X-Forwarded-User %{RU}e 
            RewriteCond %{LA-U:HTTPS} ^(.*)$
            RewriteRule ^(.*)$ - [E=RP:%1,NS]
            RequestHeader setifempty X-Forwarded-Https %{RP}e
  • It looks like it drops the jsessionid of the post request


    Working http


    send @ jquery-2.2.1.min.js;jsessionid=D85BBC2851E04794EE902350EE1455BD.tomcatB:4


    Broken https


    send@ jquery-2.2.1.min.js:4