For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

andyr0ck_5031's avatar
andyr0ck_5031
Icon for Nimbostratus rankNimbostratus
Jun 13, 2008

Selective SSL rewrite by hostname

Hi,     I'm running a Blackboard e-learning system with SSL offload using a simple rewrite rule to only encrypt text/html (due to problems with binary formats) and I need to also exclude an...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Jul 08, 2008
It would be good to disable the stream filter by default and then enable it for specific responses. This ensures that the stream filter isn't applied on subsequent HTTP responses on the same TCP connection.

I'm not sure if you're trying to check the client IP address or the server IP address. IP::remote_addr in a serverside event context (like HTTP_RESPONSE) will return the server IP. If you want to check the client IP, you can use IP::client_addr (in any context). 

 
 when HTTP_RESPONSE { 
  
     Remove the Pragma header 
    HTTP::header remove "Pragma" 
  
     Disable the stream filter by default 
    if { [HTTP::header Content-Type] contains {text/html;charset=UTF-8} and not ([IP::addr [IP::remote_addr] equals 208.57.158.0/255.255.255.0]) } { 
  
        Set a stream expression 
       STREAM::expression "@http://system.college.ac.uk@https://system.college.ac.uk@" 
  
        Enable the stream profile for this response 
       STREAM::enable 
    } 
 }

Aaron