For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

escman's avatar
escman
Icon for Cirrus rankCirrus
Jun 14, 2023

Looking for help with stream log

Hi everyone,

I have this follow iRule that works fine for stream some http content within https pages.

when HTTP_REQUEST {
    STREAM::disable
    HTTP::header remove "Accept-Encoding"
}
when HTTP_RESPONSE {
    if { [HTTP::header exists Location] } {
      HTTP::header replace Location [string map {"http://" "https://"} [HTTP::header Location]]
      }
    if { ([HTTP::header Content-Type] contains "text/css") or ([HTTP::header Content-Type] contains "text/json") or ([HTTP::header Content-Type] contains "text/html") or ([HTTP::header Content-Type] contains "text/webviewhtml") or ([HTTP::header Content-Type] contains ".htm") or ([HTTP::header Content-Type] contains ".html") or ([HTTP::header Content-Type] contains ".htt") or ([HTTP::header Content-Type] contains "stm") or ([HTTP::header Content-Type] contains ".xsl")} {
           STREAM::expression [list {@http://www.domain.com@https://www.domain.com@} {@http://domain.com@https://domain.com@}{@http://wwws.domain.com@https://wwws.domain.com@}]
           STREAM::enable
    }
    elseif { [HTTP::header value Content-Type] contains "image/svg+xml"} {
    STREAM::disable
    }
}

For now I need to log the HTTP occurrences that were replaced by https, I done this follow iRule:

when HTTP_REQUEST {
    STREAM::disable
    HTTP::header remove "Accept-Encoding"
}
when HTTP_RESPONSE {
    if { [HTTP::header exists Location] } {
	if { [HTTP::header Location] contains "http://" } {
	set location_http [HTTP::header Location]
	log local0. "Location with HTTP value found: $location_http"
    HTTP::header replace Location [string map {"http://" "https://"} [HTTP::header Location]]
      }
	}
    if { ([HTTP::header Content-Type] contains "text/css") or ([HTTP::header Content-Type] contains "text/json") or ([HTTP::header Content-Type] contains "text/html") or ([HTTP::header Content-Type] contains "text/webviewhtml") or ([HTTP::header Content-Type] contains ".htm") or ([HTTP::header Content-Type] contains ".html") or ([HTTP::header Content-Type] contains ".htt") or ([HTTP::header Content-Type] contains "stm") or ([HTTP::header Content-Type] contains ".xsl")} {
	    if { [HTTP::payload] contains "http://" } {
		set http_payload [HTTP::payload]
		log local0. "Payload with HTTP value found:: $http_payload" 
		   STREAM::expression [list {@http://www.domain.com@https://www.domain.com@} {@http://domain.com@https://domain.com@}{@http://wwws.domain.com@https://wwws.domain.com@}]
           STREAM::enable
		log local0. "Payload HTTP after streamed: [HTTP::payload]"
    }
}
    elseif { [HTTP::header value Content-Type] contains "image/svg+xml"} {
    STREAM::disable
    }
}

But I understand that maybe this code can be improved, any ideas on what I can change on it?

Thanks!

application delivery