Forum Discussion
EddieV_26235
Nimbostratus
Nimbostratusrewriting location header data
I'll just jump right into the good stuff. Here's my scenario:
wget --no-check-certificate -S "https://69.80.196.153/zap?aid=10000066&sid=6&can=fffffffffffffffe" -O /dev/null 2>&1 | grep " Location: " | grep --color "http://"
Location: https://bh.contextweb.com/bh/rtset?do=add&pid=536088&ev=4614711881901867008&rurl=http://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb%26can=fffffffffffffffe
Location: http://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb&can=fffffffffffffffe
Location: http://ib.adnxs.com/getuid?http://matcher-apx.bidder7.mookie1.com/appnexus?can=ffffffffffffffee%26adnxs_uid=$UID
A customer has requested to see if the possibility exists to rewrite the location headers from http to https. The first "location: https" is the F5. We are terminating the ssl connection on the F5 and passing the connection to a pool of servers on port 80. We are using an HTTP profile to rewrite the response to https. Is it possible to rewrite the rest of the location headers in the response?
I found and tried the iRule below but didn't work:
when HTTP_RESPONSE {
Check if response type is text
if {[HTTP::header value Content-Type] contains "text"}{
Replace http:// with https://
STREAM::expression {@http://@https://@}
Enable the stream filter for this response only
STREAM::enable
}
}
Michael_YatesHi EddieV,
Did you create a blank stream profile and apply it to the Virtual Server and create a custom HTTP Profile that has the "Response Chunking" set to "Rechunk"?
EddieV_26235Using the default stream profile. I'm not familiar with stream at all. The F5 alerted me to enable when I applied the iRule with the stream expression.
Response chunking set to Selective
nitassEmployee
are bh.contextweb.com, matcher-cwb.bidder7.mookie1.com and ib.adnxs.com under F5 i.e. virtual server?wget --no-check-certificate -S "https://69.80.196.153/zap?aid=10000066&sid=6&can=fffffffffffffffe" -O /dev/null 2>&1 | grep "Location:" Location: /zap-set?aid=10000066&sid=6&can=fffffffffffffffe Location: /zap-set?aid=10000066&sid=6&can=fffffffffffffffe [following] Location: https://bh.contextweb.com/bh/rtset?do=add&pid=536088&ev=4614500775662583808&rurl=http://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb%26can=fffffffffffffffe Location: https://bh.contextweb.com/bh/rtset?do=add&pid=536088&ev=4614500775662583808&rurl=http://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb%26can=fffffffffffffffe [following] Location: http://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb&can=fffffffffffffffe Location: http://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb&can=fffffffffffffffe [following] Location: /do-association-set?return=ctxweb&can=fffffffffffffffe Location: /do-association-set?return=ctxweb&can=fffffffffffffffe [following] Location: http://ib.adnxs.com/getuid?http://matcher-apx.bidder7.mookie1.com/appnexus?can=ffffffffffffffee%26adnxs_uid=$UID Location: http://ib.adnxs.com/getuid?http://matcher-apx.bidder7.mookie1.com/appnexus?can=ffffffffffffffee%26adnxs_uid=$UID [following]- EddieV_26235
Nitass,
I'm trying to get a definitive answer from my customer regarding that right now. Thank you for the response. - EddieV_26235I tried to use rechunk and no success.
I'm working on restating the problem.
- EddieV_26235Looks like an answer was found and for specific instances:
when HTTP_RESPONSE {
if { [string tolower [HTTP::header "Location"]] contains "?http" } {
HTTP::header replace "Location" [string map -nocase {?http: ?https:} [HTTP::header "Location"]]
}
if { [string tolower [HTTP::header "Location"]] contains "=http" } {
HTTP::header replace "Location" [string map -nocase {=http =https} [HTTP::header "Location"]]
}
if { [string tolower [HTTP::header "Location"]] contains "&http" } {
HTTP::header replace "Location" [string map -nocase {&http &https} [HTTP::header "Location"]]
}
} - nitasswith http profile, stream profile will replace only http payload.
without http profile, it will replace tcp payload which includes http header.[root@ve1023:Active] config b virtual bar list virtual bar { snat automap pool foo destination 172.28.65.152:https ip protocol tcp profiles { clientssl { clientside } myhttp {} tcp {} } } [root@ve1023:Active] config b profile myhttp list profile http myhttp { defaults from http redirect rewrite all } [root@centos251 ~] cat /etc/hosts 172.28.65.152 bh.contextweb.com matcher-cwb.bidder7.mookie1.com ib.adnxs.com [root@centos251 ~] wget --no-check-certificate -S "https://172.28.65.152/zap?aid=10000066&;sid=6&;can=fffffffffffffffe" -O /dev/null 2>&1|grep -i location Location: https://172.28.65.152/zap-set?aid=10000066&%3bsid=6&%3bcan=fffffffffffffffe Location: https://172.28.65.152/zap-set?aid=10000066&%3bsid=6&%3bcan=fffffffffffffffe [following] Location: https://bh.contextweb.com/bh/rtset?do=add&%3bpid=536088&%3bev=4614500775662583808&%3brurl=http://matcher-cwb.bidder7.mookie1.com/do-association%3freturn=ctxweb6can=fffffffffffffffe Location: https://bh.contextweb.com/bh/rtset?do=add&%3bpid=536088&%3bev=4614500775662583808&%3brurl=http://matcher-cwb.bidder7.mookie1.com/do-association%3freturn=ctxweb6can=fffffffffffffffe [following] Location: https://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb&%3bcan=fffffffffffffffe Location: https://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb&%3bcan=fffffffffffffffe [following] Location: https://matcher-cwb.bidder7.mookie1.com/do-association-set?return=ctxweb&%3bcan=fffffffffffffffe Location: https://matcher-cwb.bidder7.mookie1.com/do-association-set?return=ctxweb&%3bcan=fffffffffffffffe [following] Location: https://ib.adnxs.com/getuid?http://matcher-apx.bidder7.mookie1.com/appnexus%3fcan=ffffffffffffffee6adnxs_uid=$UID Location: https://ib.adnxs.com/getuid?http://matcher-apx.bidder7.mookie1.com/appnexus%3fcan=ffffffffffffffee6adnxs_uid=$UID [following] [root@ve1023:Active] config b virtual bar list virtual bar { snat automap pool foo destination 172.28.65.152:https ip protocol tcp profiles { clientssl { clientside } mystream {} tcp {} } } [root@ve1023:Active] config b profile mystream list profile stream mystream { defaults from stream source "http://" target "https://" } [root@centos251 ~] cat /etc/hosts 172.28.65.152 bh.contextweb.com matcher-cwb.bidder7.mookie1.com ib.adnxs.com [root@centos251 ~] wget --no-check-certificate -S "https://172.28.65.152/zap?aid=10000066&;sid=6&;can=fffffffffffffffe" -O /dev/null 2>&1|grep -i location Location: https://172.28.65.152/zap-set?aid=10000066&%3bsid=6&%3bcan=fffffffffffffffe Location: https://172.28.65.152/zap-set?aid=10000066&%3bsid=6&%3bcan=fffffffffffffffe [following] Location: https://bh.contextweb.com/bh/rtset?do=add&%3bpid=536088&%3bev=4614500775662583808&%3brurl=https://matcher-cwb.bidder7.mookie1.com/do-association%3freturn=ctxweb6can=fffffffffffffffe Location: https://bh.contextweb.com/bh/rtset?do=add&%3bpid=536088&%3bev=4614500775662583808&%3brurl=https://matcher-cwb.bidder7.mookie1.com/do-association%3freturn=ctxweb6can=fffffffffffffffe [following] Location: https://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb&%3bcan=fffffffffffffffe Location: https://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb&%3bcan=fffffffffffffffe [following] Location: https://matcher-cwb.bidder7.mookie1.com/do-association-set?return=ctxweb&%3bcan=fffffffffffffffe Location: https://matcher-cwb.bidder7.mookie1.com/do-association-set?return=ctxweb&%3bcan=fffffffffffffffe [following] Location: https://ib.adnxs.com/getuid?https://matcher-apx.bidder7.mookie1.com/appnexus%3fcan=ffffffffffffffee6adnxs_uid=$UID Location: https://ib.adnxs.com/getuid?https://matcher-apx.bidder7.mookie1.com/appnexus%3fcan=ffffffffffffffee6adnxs_uid=$UID [following]
hope this helps. - nitassjust in case you want to use HTTP::is_redirect.
[root@ve1023:Active] config b virtual bar list virtual bar { snat automap pool foo destination 172.28.65.152:https ip protocol tcp rules myrule profiles { clientssl { clientside } http {} tcp {} } } [root@ve1023:Active] config b rule myrule list rule myrule { when HTTP_RESPONSE { if {[HTTP::is_redirect]} { HTTP::header replace Location [string map -nocase {http:// https://} [HTTP::header value Location]] } } } [root@centos251 ~] cat /etc/hosts 172.28.65.152 bh.contextweb.com matcher-cwb.bidder7.mookie1.com ib.adnxs.com [root@centos251 ~] wget --no-check-certificate -S "https://172.28.65.152/zap?aid=10000066&;sid=6&;can=fffffffffffffffe" -O /dev/null 2>&1|grep -i location Location: https://172.28.65.152/zap-set?aid=10000066&%3bsid=6&%3bcan=fffffffffffffffe Location: https://172.28.65.152/zap-set?aid=10000066&%3bsid=6&%3bcan=fffffffffffffffe [following] Location: https://bh.contextweb.com/bh/rtset?do=add&%3bpid=536088&%3bev=4614500775662583808&%3brurl=https://matcher-cwb.bidder7.mookie1.com/do-association%3freturn=ctxweb6can=fffffffffffffffe Location: https://bh.contextweb.com/bh/rtset?do=add&%3bpid=536088&%3bev=4614500775662583808&%3brurl=https://matcher-cwb.bidder7.mookie1.com/do-association%3freturn=ctxweb6can=fffffffffffffffe [following] Location: https://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb&%3bcan=fffffffffffffffe Location: https://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb&%3bcan=fffffffffffffffe [following] Location: https://matcher-cwb.bidder7.mookie1.com/do-association-set?return=ctxweb&%3bcan=fffffffffffffffe Location: https://matcher-cwb.bidder7.mookie1.com/do-association-set?return=ctxweb&%3bcan=fffffffffffffffe [following] Location: https://ib.adnxs.com/getuid?https://matcher-apx.bidder7.mookie1.com/appnexus%3fcan=ffffffffffffffee6adnxs_uid=$UID Location: https://ib.adnxs.com/getuid?https://matcher-apx.bidder7.mookie1.com/appnexus%3fcan=ffffffffffffffee6adnxs_uid=$UID [following] - EddieV_26235Thanks nitass. My initial use of stream was incorrect. Your second post HTTP::is_redirect is the method I ended up using.