Forum Discussion
Kevin_Davies_40
Aug 19, 2011Nacreous
HTTPS VIP for HTTP Website
Given there are many ways to skin a cat. If you were setting up a https VIP for a http webserver how would you do it? Currently it seems you have to add a stream profile with an iRule to rewrite http to https on the web pages responses to make this work. Seems a bit cumbersome to me so am I missing something? Suggestions appreciated.
Kevin (Jarvil)
- The_BhattmanNimbostratusHi Kevin,
- hoolioCirrostratusIf you have the option of modifying the application, you could make the absolute URLs relative. This avoids the need to do any payload rewriting and will work for HTTP or HTTPS. If not, I'd probably skip proxypass and just use a stream profile and iRule for this.
when HTTP_REQUEST { Save the requested host value set host [string tolower [HTTP::host]] Disable the stream filter by default STREAM::disable } when HTTP_RESPONSE { Check if response type is text and host isn't null if {[HTTP::header value Content-Type] contains "text" and $host ne ""}{ Replace http://$host with https://$host STREAM::expression "@http://$host@https://$host@" Enable the stream filter for this response only STREAM::enable if { [HTTP::is_redirect] } { HTTP::respond 302 Location [string map -nocase "http://$host https://$host" [HTTP::header Location]] } }
- Kevin_Davies_40NacreousI suppose the underlying question here is,
- hoolioCirrostratusHi Kevin,
- HamishCirrocumulusPosted By Kevin on 08/23/2011 04:44 PM
If it was automatic, that wouldn't work any more... Although admittedly if it were just an automated way of adding in an optional stream processing config that would work too...
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects