
HTTPS offload rewriting

Problem this snippet solves:

This iRule shows how to rewrite an HTTP web application's self references from http:// to https:// to avoid insecure content warnings.

Note: because this iRule changes the size of the response content, you must use a custom HTTP profile with response chunking set to rechunk.

Code:

    when HTTP_REQUEST {

        # Save the requested host value
        set host [string tolower [HTTP::host]]

        # If the HTTP host header is blank, use the VS IP address
        # If the VS IP is not routable for clients, hard code a routable IP
        # to replace [IP::local_addr]
        if {$host eq ""} {set host [IP::local_addr]}

        # Disable the stream filter by default
        STREAM::disable
    }
    when HTTP_RESPONSE {

        # Check if response type is text and host isn't null
        if {[HTTP::header value Content-Type] contains "text" and $host ne ""} {

            # Replace http://$host with https://$host
            STREAM::expression "@http://$host@https://$host@"

            # Enable the stream filter for this response only
            STREAM::enable
        }

        # Rewrite the Location header in redirects to https://
        if { [HTTP::is_redirect] && [string tolower [HTTP::header Location]] starts_with "http://$host"} {
            HTTP::header replace Location [string map -nocase "http://$host https://$host" [HTTP::header Location]]
        }
    }
Published Mar 18, 2015
Version 1.0
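
An offline model of the substitution above, added here as an example (Python, not part of the original iRule or of F5's code): it shows what the literal `http://$host` replacement does to a self reference that carries an explicit `:80`, beside a stricter pattern, and lists URLs that would still fail after the rewrite. The host name, sample body and function names are constructed, and the stream filter is assumed to behave as a literal, case-sensitive replace.

```python
import re

HOST = "app.example.test"  # constructed host name, not from the page

# Constructed sample of a text/html response body from the HTTP-only back end.
SAMPLE_BODY = """<link href="http://app.example.test/css/site.css" rel="stylesheet">
<script>var api = "http://app.example.test:80/login.do?username=testuser1";</script>
<script src="http://cdn.example.test/lib.js"></script>
<a href="http://app.example.test.partner.example/">partner</a>
"""

# Characters that may legitimately follow a host name (or host:port) in a URL.
HOST_END = r"(?=[/?#\"'\s<>]|$)"


def page_rewrite(text: str, host: str) -> str:
    """Model of the iRule's substitution: literal http://<host> -> https://<host>
    (assumption: the stream filter does a literal, case-sensitive replace)."""
    return text.replace(f"http://{host}", f"https://{host}")


def hardened_rewrite(text: str, host: str) -> str:
    """Same rewrite, but drop an explicit :80 and require the host name to end
    at a URL delimiter, so longer names that only start with <host> are left alone."""
    pattern = re.compile(
        r"http://" + re.escape(host) + r"(?::80)?" + HOST_END, re.IGNORECASE
    )
    return pattern.sub(f"https://{host}", text)


def residual_problems(text: str, host: str) -> list:
    """URLs for <host> that still fail after a rewrite: plain http:// (mixed
    content) or any scheme aimed at port 80 (https:// to a clear-text port)."""
    url = re.compile(
        r"(https?)://" + re.escape(host) + r"(:[0-9]+)?" + HOST_END + r"[^\s\"'<>]*",
        re.IGNORECASE,
    )
    return [
        m.group(0)
        for m in url.finditer(text)
        if m.group(1).lower() == "http" or m.group(2) == ":80"
    ]


if __name__ == "__main__":
    for name, fn in (("page", page_rewrite), ("hardened", hardened_rewrite)):
        print(name, residual_problems(fn(SAMPLE_BODY, HOST), HOST))
```

The stricter pattern is Python regex syntax and serves as a test oracle for captured responses; it is not a drop-in `STREAM::expression`.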

7 Comments

  • Hi Aaron, There are some HTTP references that are not being displayed at all using the above iRule (HTTPS VIP), even after enabling mixed content on the browser. I have an HTTP and an HTTPS VIP. Streaming is enabled on the HTTPS VIP, and the HTTP VIP has a generic http to https redirect: when HTTP_REQUEST { HTTP::redirect https://[HTTP::host][HTTP::uri] } Both the VIPs have a custom http profile with Server Response set to "Rechunk," and a custom destination address persistence profile to match across pools in different virtual servers. Any further suggestions will be highly appreciated.
  • hoolio
    Hi R, Can you add debug logging to the iRule and post the anonymized log output and a sample of the server response payloads which are not being rewritten? Thanks, Aaron
  • There seems to be a natural behaviour to change the POST request to a GET request. The access method is being altered when using the http to https rule. Is there a way to have it fixed? I don't want to alter the HTTP method, and want to keep it intact. when HTTP_REQUEST { HTTP::redirect https://[HTTP::host][HTTP::uri] } changes the method from POST to GET and is breaking our application. Is there a way to fix it? Seems like this is the usual behavior of F5.
  • A 301/2 redirect will instruct the requester to reissue the request as a GET... You must use a 307.
  • If you get errors from the browser about the XMLHttpRequest server response being sent over http.

    The error message might be: Mixed Content: The page at 'https:/xxxx.com/zzz.html' was loaded over HTTPS, but requested an insecure resource 'http://xxxx.com/b/ttt.css'. This request has been blocked; the content must be served over HTTPS."

    Make sure you assign a compression profile to the VS that runs this iRule.

    This is because the STREAM function requires the server response to be decompressed beforehand.

  • Hello Hoolio. I used the iRule after the application owner was getting "Blocked loading mixed active content" on his webpage.

    However, after applying your iRule, I get the error https://agilitycareuat.kazeem.com.ng:80/UserManagement/com/ericsson/usermanagement/userlogin/fetchLoginLoc.do?username=testuser1.

    It appends port 80 after making a request with the test user "testuser1". However, if I remove the port 80, the request goes fine.

    What is the solution to this?