Forum Discussion

Roman_80473's avatar
Roman_80473
Icon for Nimbostratus rankNimbostratus
Jan 11, 2012

SSL Termination with clear text response from web server

Hi folks,     This might be a silly question:   We terminate SSL and send traffic to non-secured web servers. We're having some issues encrypting clear text responses on proxy servers before ...
config
design
hooleylist's avatar
hooleylist
Icon for Cirrostratus rankCirrostratus
Jan 11, 2012
Here's an example which uses a stream profile to rewrite the response headers and/or payload to https://: 

when HTTP_REQUEST {
 Save the requested host value
set host [string tolower [HTTP::host]]
 Disable the stream filter by default
STREAM::disable
}
when HTTP_RESPONSE {
 Check if response type is text and host isn't null
if {[HTTP::header value Content-Type] contains "text" and $host ne ""}{
 Replace http://$host with https://$host
STREAM::expression "@http://$host@https://$host@"
 Enable the stream filter for this response only
STREAM::enable
}
 Rewrite the Location header in redirects to https://
if { [HTTP::is_redirect] && [string tolower [HTTP::header Location]] starts_with "http://$host"} {
HTTP::header replace Location [string map -nocase "http://$host https://$host" [HTTP::header Location]]
}
}

Aaron