Forum Discussion

bertrand_9354's avatar
bertrand_9354
Icon for Nimbostratus rankNimbostratus
Jan 27, 2012

rewriting location header from server

Hi everybody,

 

 

I have an application on which my client connect to F5 on https and the F5 decrypt to server. The problem is my server (in response) is sending to F5 for each request an301 redirect and so the F5 is not able to analyze it: For example I did a curl on server with the host:

 

curl -v x.x.x.x -H https://toto.net

 

* About to connect() to x.x.x.x port 80

 

* Trying x.x.x.x ... connected

 

* Connected to x.x.x.x ( x.x.x.x ) port 80

 

> GET / HTTP/1.1

 

> User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5

 

> Host: x.x.x.x

 

> Accept: */*

 

> https://toto.net

 

>

 

< HTTP/1.1 301 Redirection

 

< Server: WEB-Access-Server/1.9

 

< Date: Fri, 27 Jan 2012 17:09:32 GMT

 

< Content-type: text/html

 

< Content-length: 457

 

< Location: http://toto/index.htm

 

< Connection: Keep-Alive

 

Error 301

 

 

 

 

HTTP Error 301

 

301 Redirection

 

 

Vous allez être redirigé vers

 

 

Contactez l'administrateur du serveur si ce problème persiste.

 

 

 

* Connection 0 to host x.x.x.x left intact

 

* Closing connection 0

 

 

 

As you can see there is a 301 redirect with a different Location.

 

I tried to change this irules:

 

when HTTP_RESPONSE {

 

if { [HTTP::is_redirect] } {

 

STREAM::expression {@http://@https://@}

 

STREAM::enable

 

}

 

}

 

 

Thks for your help,

 

 

 

B./

 

 

 

application delivery
dev
devops
iRules
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Jan 27, 2012
    Hi Bertrand,

     

     

    You can use a custom HTTP profile with rewrite redirects enabled to have TMM rewrite the redirect to https://.

     

     

    Aaron
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Jan 27, 2012
    Also, the stream profile only affects payloads. If you wanted to do this rewrite in an iRule, you'd want to use HTTP::header:

     

     

    http://devcentral.f5.com/wiki/iRules.http__header.ashx

     

     

    Aaron
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jan 30, 2012

    e.g.

     

    [root@ve1023:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.79:443
   ip protocol 6
   profiles {
      clientssl {
         clientside
      }
      http {}
      tcp {}
   }
}
[root@ve1023:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:80 {}
}

[root@ve1023:Active] config  curl -Ik https://toto.net/
HTTP/1.1 302 Found
Date: Mon, 30 Jan 2012 14:56:58 GMT
Server: Apache/2.2.3 (CentOS)
Location: http://toto/index.htm
Content-Type: text/html; charset=iso-8859-1

[root@ve1023:Active] config  b rule myrule list
rule myrule {
   when HTTP_RESPONSE {
        if {[HTTP::is_redirect]}{
                HTTP::header replace Location [string map {"http://toto" "https://toto.net"} [HTTP::header Location]]
        }
}
}
[root@ve1023:Active] config  b virtual bar rule myrule
[root@ve1023:Active] config  curl -Ik https://toto.net/
HTTP/1.1 302 Found
Date: Mon, 30 Jan 2012 14:57:15 GMT
Server: Apache/2.2.3 (CentOS)
Location: https://toto.net/index.htm
Content-Type: text/html; charset=iso-8859-1