Forum Discussion

darrenfoo_19996's avatar
darrenfoo_19996
Icon for Nimbostratus rankNimbostratus
Jun 15, 2011

Rewrite http to https for HTTP::host only

Hi all,

 

 

I'm working on getting SSL offload working with our F5 LTM's but need some tweaks to iRules we have. The application in question was never designed with SSL offloading in mind and therefore the application occasionally sends http:// links in responses and redirects. The problem is sometimes links are sent in responses that are not destined for our application and we cannot rewrite these and so I'm trying to rewrite http to https for only HTTP:host. I used the stream example for the basis:

 

 

 

when HTTP_RESPONSE {

 

 

 

Check if response type is text

 

if {[HTTP::header value Content-Type] contains "text"}{

 

 

 

Replace http:// with https://

 

STREAM::expression {@http://@https://@}

 

 

 

Enable the stream filter for this response only

 

STREAM::enable

 

 

 

if { [HTTP::is_redirect] } {

 

HTTP::respond 302 Location [string map { http:// https:// } [HTTP::header Location]]

 

}

 

}

 

 

 

 

 

The problem is that all http links will be rewritten, but we only want http://www.application.com to be rewritten and not http://www.3rdpartylink.com. I tried STREAM::expression {@http://[HTTP::host]@https://[HTTP::host]@} but it stream:expression doesn't evaluate the HTTP::host definition.

 

 

 

I also found another issue, for some reason the redirect rewrite filters out all other headers which breaks the application since cookies are dropped.

 

 

 

Thanks.

 

  • Hi,

    I think something like this should work:

    when HTTP_REQUEST {
    
        Save the requested host value
       set host [string tolower [HTTP::host]]
    
    
        Disable the stream filter by default
       STREAM::disable
    }
    when HTTP_RESPONSE {
    
        Check if response type is text and host isn't null
       if {[HTTP::header value Content-Type] contains "text" and $host ne ""}{
    
           Replace http://$host with https://$host
          STREAM::expression "@http://$host@https://$host@"
    
           Enable the stream filter for this response only
          STREAM::enable
    
          if { [HTTP::is_redirect] } {
             HTTP::respond 302 Location [string map "http://$host https://$host" [HTTP::header Location]]
       }
    }
    

    Aaron
  • Thanks Aaron!

     

     

    I haven't had a chance to give it a try yet as I'm hoping our developers can fix it in their code but looks like this should work.