Forum Discussion
Redirect rewrite Profile
Hi. Have an issue with a published webserver.
Client --> BigIP (443)
BigIP --> Webserver (80)
We use the default http redirect rewrite profile.
We have a dashboard with reports and some JavaScript. Looking at the console, the issue is a frameset.do file that gives an insecure http link. In turn BigIP refuses the connection when it tries to get the content.
Is it possible to make the link https? Actually thought it would be changed to https automatically.
Tried to make a http-->https redirect for client --> bigip, but created a redirect loop.
6 Replies
- Kevin_Stewart
Employee
The redirect rewrite profile only affects 30x redirect responses, not any payload content. One of the most effective ways to rewrite payload content is with a STREAM iRule. Apply an empty STREAM profile to your VIP and an iRule like this:
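
    when HTTP_REQUEST {
        # Ask the server for an uncompressed response so the stream filter can match the body
        HTTP::header remove Accept-Encoding
        # Do not apply the stream filter to request payloads
        STREAM::disable
    }
    when HTTP_RESPONSE {
        # Rewrite only text-type responses
        if { [HTTP::header Content-Type] contains "text" } {
            STREAM::expression {@http://@https://@}
            STREAM::enable
        }
    }

- vineyard_166933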
Nimbostratus
Thank you, I tried it but no luck. Added a new empty stream profile with no source or target. Added iRule.
Still get: https://url was loaded over HTTPS, but ran insecure content from http://url. Running unsafe script, the connection to http gets refused.
- Kevin_Stewart
Employee
Interesting. Well, the above iRule could fail to rewrite the content on two conditions:
- The Content-Type header doesn't contain the word "text", or
- The case is incorrect in the STREAM expression.
If you have a chance, take a look at the content on the client side (best with a tool like Fiddler). When the HTML and JavaScript content come in, see where the offending http:// references are and 1) if the Content-Type header contains the word "text", 2) if the http:// case is correct, and 3) that you haven't just cached the content and aren't actually downloading a fresh copy.
- vineyard_166933
Nimbostratus
- 1 - The last response header before requesting http is Content-Type application/json. I believe this is the one we want to rewrite. So I tested with "json" and made a difference to the expression. Client will still request http after response. These are present in the last response: "http:\/\/url"
- 2 - Tried with your stream expression and from DevCentral, pasting my last iRule below.
- 3 - Cleared cache between changes.
Could also maybe solve this by making the client request https, but it seems to make the redirect loop. iRule below.

    when HTTP_REQUEST {
        # Disable the stream filter for client requests
        STREAM::disable
    }
    when HTTP_RESPONSE {
        # Disable the stream filter for server responses
        STREAM::disable
        # Enable the stream filter for JSON responses only
        if {[HTTP::header value Content-Type] contains "json"} {
            # Replace 'old_text' with 'new_text'
            STREAM::expression {@http:\/\/@https:\/\/@}
            # Enable the stream filter for this response only
            STREAM::enable
        }
    }

- vineyard_166933
Nimbostratus
It's improving. I made a mistake on the redirect 80 --> 443, so now it's redirecting on a separate VS. It's now rewriting the content type application. Found another content type to rewrite also, so how do we filter both?
if {[HTTP::header value Content-Type] contains "json" or "text"}
- vineyard_166933
Nimbostratus
Finally got it working with "elseif" and learned it's important to place "elseif" on the same line as the last closing bracket.
Thanks for the help. GG
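A combined rule of the kind the thread ends on, as an added example that is not any poster's actual iRule: it reuses the two STREAM expressions quoted above, selects one by Content-Type, and keeps `elseif` on the same line as the closing brace because a newline ends a Tcl command. The variable name `ctype` is chosen for this example.

```tcl
when HTTP_REQUEST {
    # Ask the server for an uncompressed response; the stream filter
    # cannot match strings inside a gzip-encoded body
    HTTP::header remove Accept-Encoding
    # Never rewrite request payloads
    STREAM::disable
}
when HTTP_RESPONSE {
    # Off by default, enabled per response below
    STREAM::disable
    # Lower-case the header value so the match does not depend on server casing
    set ctype [string tolower [HTTP::header value Content-Type]]
    if { $ctype contains "json" } {
        # JSON bodies escape slashes, so the link appears as http:\/\/
        # (expression taken from the thread)
        STREAM::expression {@http:\/\/@https:\/\/@}
        STREAM::enable
    } elseif { $ctype contains "text" } {
        # text/html, text/css and text/javascript carry plain http:// links
        STREAM::expression {@http://@https://@}
        STREAM::enable
    }
}
```

Both expressions rewrite every http:// link in a matching body, including links to other hosts; anchoring the search string to the application's own hostname (for example `@http://app.example.com@https://app.example.com@`, a placeholder host) limits the rewrite to content the BIG-IP actually serves over HTTPS.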