Forum Discussion
fita_30888
Nimbostratus
Nimbostratusserverside SSL
Hi there,
I have a customer with a weird requirement. They have an application server that only supports HTTP communication. However for one reason or another they need this server to be able ...
hoolio
Cirrostratus
CirrostratusRe-encrypting a decrypted request is the most common (not not only) use case for server SSL. If you need to rewrite the response headers, you could use 'HTTP::header replace'. For response content, you could use a blank stream profile and a STREAM::expression iRule.
Here are a few examples:
http://devcentral.f5.com/wiki/default.aspx/iRules/RewriteHTTPRedirectHostname.html
when HTTP_RESPONSE {
Check if server response is a redirect
if { [HTTP::header is_redirect]} {
Log original and updated values
log local0. "Original Location header value: [HTTP::header value Location],\
updated: [string map -nocase "https:// http://" [HTTP::header value Location]]"
Do the update, replacing https:// with http://
HTTP::header replace Location [string map -nocase "https:// http://" [HTTP::header value Location]]
}
}
And for payload rewriting:
http://devcentral.f5.com/wiki/default.aspx/iRules/STREAM__expression.html
when HTTP_RESPONSE {
Disable the stream filter by default
STREAM::disable
Check if response type is text
if {[HTTP::header value Content-Type] contains "text"}{
Replace https:// with http://
STREAM::expression "@https://@http://@"
Enable the stream filter for this response only
STREAM::enable
}
}
As the payload size would change for the stream iRule rewrite, you'll need to set the HTTP profile option for chunking to rechunk.
Again, I'd suggest you try the scenario without iRules to start with. It's quite possible you won't need any iRules.
Aaron
