Forum Discussion
Rewrite http to https for HTTP::host only
I'm working on getting SSL offload working with our F5 LTM's but need some tweaks to iRules we have. The application in question was never designed with SSL offloading in mind and therefore the application occasionally sends http:// links in responses and redirects. The problem is sometimes links are sent in responses that are not destined for our application and we cannot rewrite these and so I'm trying to rewrite http to https for only HTTP:host. I used the stream example for the basis:
when HTTP_RESPONSE {
Check if response type is text
if {[HTTP::header value Content-Type] contains "text"}{
Replace http:// with https://
STREAM::expression {@http://@https://@}
Enable the stream filter for this response only
STREAM::enable
if { [HTTP::is_redirect] } {
HTTP::respond 302 Location [string map { http:// https:// } [HTTP::header Location]]
}
}
The problem is that all http links will be rewritten, but we only want http://www.application.com to be rewritten and not http://www.3rdpartylink.com. I tried STREAM::expression {@http://[HTTP::host]@https://[HTTP::host]@} but it stream:expression doesn't evaluate the HTTP::host definition.
I also found another issue, for some reason the redirect rewrite filters out all other headers which breaks the application since cookies are dropped.
Thanks.
- hooleylistCirrostratusHi,
when HTTP_REQUEST { Save the requested host value set host [string tolower [HTTP::host]] Disable the stream filter by default STREAM::disable } when HTTP_RESPONSE { Check if response type is text and host isn't null if {[HTTP::header value Content-Type] contains "text" and $host ne ""}{ Replace http://$host with https://$host STREAM::expression "@http://$host@https://$host@" Enable the stream filter for this response only STREAM::enable if { [HTTP::is_redirect] } { HTTP::respond 302 Location [string map "http://$host https://$host" [HTTP::header Location]] } }
- darrenfoo_19996NimbostratusThanks Aaron!
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com