iRule/Stream Profile

Question

Hi,&nbsp;
&nbsp;I'm hoping someone can point me in the right direction. Here's the basic issue:&nbsp;
&nbsp;We have an F5 in front of a Lotus application and we're doing some basic http to https redirects. However on certain pages we're receiving Explorer/Firefox http/https mixed content alerts. We have a TCP 443 virtual server that terminates the SSL, cleartext on backend. HTTP profile is configured to rewrite HTTP redirect responses to HTTPS type requests. This works. The problem is that a javascript has HTTP hard coded within it somewhere which means the client initiates the following request on TCP 80: GET /lotus/spellcheck/javascript/NG.js HTTP/1.1
. What is really required is to rewrite all the HTTP links to HTTPS when rendering the page, therefore if you viewed the source of a page it wouldn’t have any HTTP links (and therefore there wouldn’t be any security alerts)&nbsp;
&nbsp;If anyone can point me in the right direction i'd really appreciate it.&nbsp;

hoolio · Answer

As your subject suggests, you can use a blank stream profile and a STREAM::expression based iRule to rewrite the response content.  I'd suggest creating a test VS to try this on first if the existing VS is in production.  You can check the STREAM::expression wiki page for examples to get started: 
&nbsp;  
&nbsp; http://devcentral.f5.com/wiki/default.aspx/iRules/stream__expression 
&nbsp;  
&nbsp; Aaron

Forum Discussion

iRule/Stream Profile

Recent Discussions

AS3 Limitations

Diameter iRules attachment?

Help needed with iRule (connection closed log )

Use of SSL Decryption.

VLAN Failsafe Functionality

Related Content

An irule to validate client ID via DNS lookup using the stream profile.

F5 BIG-IP Advanced WAF – DOS profile configuration options.

Multiple stream replacements using an iRule

iControl REST Cookbook - Virtual Server Profile (LTM Virtual Profiles)

Update your DevCentral user profile

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS