Rewrite http:// to https:// in response content

Michael_Jenkins · ‎15-Mar-2016

Problem this snippet solves:

(Maybe I missed it, but) I didn't see a code share for using a

STREAM

profile to rewrite content from http to https.

This share is just to make it easier to find a simple iRule to replace http:// links in page content to https://. It's taken directly from the STREAM::expression Wiki page.

How to use this snippet:

You'll need to assign a STREAM profile to you virtual server in order for this to work (just create an empty stream profile and assign it).

Code :

# Example which replaces http:// with https:// in response content
# Prevents server compression in responses
when HTTP_REQUEST {

   # Disable the stream filter for all requests
   STREAM::disable

   # LTM does not uncompress response content, so if the server has compression enabled
   # and it cannot be disabled on the server, we can prevent the server from 
   # sending a compressed response by removing the compression offerings from the client
   HTTP::header remove "Accept-Encoding"
}
when HTTP_RESPONSE {

   # Check if response type is text
   if {[HTTP::header value Content-Type] contains "text"}{

      # Replace http:// with https://
      STREAM::expression {@http://@https://@}

      # Enable the stream filter for this response only
      STREAM::enable
   }
}

Tested this on version:

11.5

Paul_Thom · ‎28-May-2021

When I use this *.png files don't render on the clients. Any idea?

Yiğit_Uslu · ‎22-Aug-2021

Hi Paul,

The stream expression is applied to allot compressed mime-types including png. You need to exclude them.

if { [HTTP::header Content-Type] contains "text" } {

STREAM::expression {@http:\/\/@@}

# enable STREAM

STREAM::enable

} elseif { ([HTTP::header Content-Type] contains "png") or ([HTTP::header Content-Type] contains "msword") or ([HTTP::header Content-Type] contains "ms-excel") or ([HTTP::header Content-Type] contains "ms-powerpoint") or ([HTTP::header Content-Type] contains "pdf") or ([HTTP::header Content-Type] contains "application/x-shockwave-flash") or ([HTTP::header Content-Type] contains "svg")} {

# disable STREAM

STREAM::disable

}

Paul_Thom · ‎22-Aug-2021

Thanks, I removed STREAM but that looks like a better option. Appreciate the response, stay safe.

Emil · ‎24-Aug-2022

Wow, this is really helpful. I was struggling with a migration of a site behind nginx proxy to f5 and images kept breaking due to mixed http/https responses from the backend server (in nginx there was only 301 redirect and images worked). Big-ip Stream profile and the standard suggestion for irule regarding this http_to_https issue didn't help.

Thanks Yiğit_Uslu

Emil · ‎25-Aug-2022

Just wanted to update. My final version to work in our environment is :

when HTTP_REQUEST {
    STREAM::disable
}
when HTTP_RESPONSE {
    if { [HTTP::header Content-Type] contains "text" } {
        STREAM::expression {@http://@https://@}
        STREAM::enable
    }
   elseif { ([HTTP::header Content-Type] contains "png") or ([HTTP::header Content-Type] contains "jpeg") or ([HTTP::header Content-Type] contains "application/x-font-woff") or ([HTTP::header Content-Type] contains "pdf") or ([HTTP::header Content-Type] contains "svg") or ([HTTP::header Content-Type] contains "image/svg+xml")} {
   STREAM::disable
    }
}

Not sure about the application/x-font-woff content. Probably it is unnecessary and will remove it.

DevCentral

Rewrite http:// to https:// in response content