Forum Discussion
NimbostratusiRule to replace http with https for specific URLs
All,
I am pretty new to F5s and am trying to get a iRule together to replace some of the URLs.
For example:
-
Replace http://user.example.net/images with https://user.example.net/images
-
Replace http://user.example.net/port with https://user.example.net/port
-
But do not change the following URL: http://user.example.net/jwp
I tried the following iRule, but it did not seem to work.
when HTTP_REQUEST {
Disable the stream filter by default
STREAM::disable
} when HTTP_RESPONSE {
if {[HTTP::header value Content-Type] contains "text"}{
set find_url1 "http://user.example.net/images"
set replace_url1 "https://user.example.net/images"
set find_url2 "http://user.example.net/port"
set replace_url2 "https://user.example.net/port"
STREAM::expression "@$find_url1@$replace_url1@ @$find_url2@$replace_url2@"
STREAM::enable
}
else {
STREAM::disable}
}
Any inputs will be appreciated.
Thanks!
4 Replies
- Kevin_Stewart
Employee
So just to be clear, when the response payload contains this string:
http://user.example.net/imagesYou want to replace it with:
https://user.example.net/imagesAnd you have an HTTPS (port 443) VIP ready to receive this request? Or perhaps the opposite - you have a port 443 VIP that must change "http://" references in the response payload to "https://", except for "/jwp", which is accessible via a port 80 HTTP VIP?
- nitass
I tried the following iRule, but it did not seem to work.
you already remove Accept-Encoding HTTP request header, don't you?
- JRahm
Admin
Try something like this:
when HTTP_RESPONSE { STREAM::disable set strexp "" if { [HTTP::header Content-Type] matches_glob "text/*ml" } { append strexp "@http://user.example.net/images@@" append strexp "@http://user.example.net/port@@" } if { $strexp ne "" } { STREAM::expression $strexp STREAM::enable } if { [HTTP::header exists "Location"] } { if { [HTTP::header "Location"] starts_with "http://" } { HTTP::replace "Location" [string map "http:// https://" [HTTP::header "Location"]] } } } when STREAM_MATCHED { switch -glob [string tolower [STREAM::match]] { "http://user.example.net/images" { STREAM::replace "https://user.example.net/images" } "http://user.example.net/port" { STREAM::replace "https://user.example.net/port" } } } - Kevin_Stewart
I just tested your iRule on an 11.x box and it looks okay. Minor cosmetic modification:
when HTTP_REQUEST { STREAM::disable } when HTTP_RESPONSE { if { [HTTP::header Content-Type] contains "text" }{ set find_url1 "http://user.example.net/images" set replace_url1 "https://user.example.net/images" set find_url2 "http://user.example.net/port" set replace_url2 "https://user.example.net/port" STREAM::expression "@$find_url1@$replace_url1@ @$find_url2@$replace_url2@" STREAM::enable } }It changed all references to "http://user.example.net/images" and "http://user.example.net/port" to HTTPS URLs.
And the "/jwp" URL is embedded in the same page and will also be accessible via the same VIP
I don't believe this is true though. An http:// URL will not pass through a 443 VIP.
