cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.
hooleylist
Cirrostratus
Cirrostratus

Problem this snippet solves:

This iRule shows how to rewrite an HTTP web application's self references from http:// to https:// to avoid insecure content warnings.

Note if the response content size is changed like it would be with this iRule you must use a custom HTTP profile with response chunking set to rechunk.

Code :

when HTTP_REQUEST {

# Save the requested host value
set host [string tolower [HTTP::host]]

# If the HTTP host header is blank, use the VS IP address
# If the VS IP is not routable for clients, hard code a routable IP
# to replace [IP::local_addr]
if {$host eq ""}{set host [IP::local_addr]}

# Disable the stream filter by default
STREAM::disable
}
when HTTP_RESPONSE {

# Check if response type is text and host isn't null
if {[HTTP::header value Content-Type] contains "text" and $host ne ""}{

# Replace http://$host with https://$host
STREAM::expression "@http://$host@https://$host@"

# Enable the stream filter for this response only
STREAM::enable

}
# Rewrite the Location header in redirects to https://
if { [HTTP::is_redirect] && [string tolower [HTTP::header Location]] starts_with "http://$host"} {
HTTP::header replace Location [string map -nocase "http://$host https://$host" [HTTP::header Location]]
}
}
Comments
r_dynamo_79563
Nimbostratus
Nimbostratus
Hi Aaron, There are some HTTP references that are not being displayed at all using above iRule (HTTPS VIP) even after enabling mixed content on the browser. I have a HTTP & HTTPS VIP. Streaming is enabled on the HTTPS VIP, and the HTTP VIP has a generic http to https redirect: when HTTP_REQUEST { HTTP::redirect https://[HTTP::host][HTTP::uri] } Both the VIPs have a custom http profile with Server Response set to "Rechunk," and a custom destination address persistence profile to match across pools in different virtual Servers. Any further suggestions will be highly appreciated.
hooleylist
Cirrostratus
Cirrostratus
Hi R, Can you add debug logging to the iRule and post the anonymized log output and a sample of the server response payloads which are not being rewritten? Thanks, Aaron
sprashanthac_81
Nimbostratus
Nimbostratus
There seems to be a natural behaviour to change the post request as get request. The access method is being altered when using http to https rule. Is there a way to have it fixed. don't want to alter the http method and keep it intact when HTTP_REQUEST { HTTP::redirect https://[HTTP::host][HTTP::uri] } changes the method for POST to GET and breaking our application is there a way to fix it. Seems like this is the usual behavior of F5
AndresG_241389
Nimbostratus
Nimbostratus
A 301/2 redirect will instruct the requester to reissue the request as a GET... You must a 307
subrud_297411
Nimbostratus
Nimbostratus

Where to paste this code?

 

Tewfik_Megherbi
F5 Employee
F5 Employee

If you get errors from browser about XMLHttpRequest response server being send over http.

 

Error message might be : Mixed Content: The page at 'https:/xxxx.com/zzz.html' was loaded over HTTPS, but requested an insecure resource 'http://xxxx.com/b/ttt.css'. This request has been blocked; the content must be served over HTTPS."

 

Make sure you assign a compression profile to the VS that runs this irule.

 

This is because STREAM function requires that server response to be decompressed before hand.

 

kazeem_yusuf1
Nimbostratus
Nimbostratus

Hello Hoolio. I used the irule after application owner was getting a 'Blocked loading mixed active content" on his webpage.

 

However,after applying the Your irule, i get error https://agilitycareuat.kazeem.com.ng:80/UserManagement/com/ericsson/usermanagement/userlogin/fetchLo....

 

It appends a port 80,after making a request with test user "testuser1". If however,i remove the port 80. The request goes fine.

 

What is the solution to this?

 

Version history
Last update:
‎18-Mar-2015 11:48
Updated by:
Contributors