29-Nov-2012 08:35
Hello, we have an LTM doing SSL offloading and balancing for a pool of JBoss servers. Because the LTM talks HTTP to the JBoss pool, some Location headers were returning as http instead of https.
Example POST with http Location header:
curl -v -X POST -u username:password https://stage.test.com/SCFileserver/text/ --data-ascii 'Text Example 1'
>
> Text Example 1
< HTTP/1.1 201 Created
< Server: Apache-Coyote/1.1
< X-UA-Compatible: IE=EmulateIE8
< Location: http://stage.test.com/SCFileserver/text/text655bf2cb-7c91-438b-81e0-3fe0469208a1
< Content-Length: 0
< Date: Wed, 28 Nov 2012 22:58:29 GMT
< Set-Cookie: BIGipServerStage1_Pool=2365657260.33315.0000; path=/
Normally not a problem for a web browser-- the LTM has an iRule to redirect http requests to https-- but our Java app does not handle the 302 redirect to https from the LTM correctly so we want to rewrite the Location header to be https.
It was easy to find an iRule on DevCentral that would rewrite https into a redirect message; I used this one:
https://devcentral.f5.com/wiki/iRul...iting.ashx
I removed [HTTP::is_redirect] && from line 27 since we want to rewrite the Location before the redirect has a chance to happen.
This seems to work for us as shown in this example after the iRule is applied to the virtual server:
curl -v -X POST -u username:password https://stage.test.com/SCFileserver/text/ --data-ascii 'Text Example 2'
>
> Text Example 2
< HTTP/1.1 201 Created
< Server: Apache-Coyote/1.1
< X-UA-Compatible: IE=EmulateIE8
< Location: https://stage.test.com/SCFileserver/text/text77cda4f2-4e2f-46e7-9b57-48ec519d8df0
< Content-Length: 0
< Date: Wed, 28 Nov 2012 23:06:37 GMT
< Set-Cookie: BIGipServerStage1_Pool=2365657260.33315.0000; path=/
My questions-- is this the best method of changing the Location header in the response, and is there a way to apply the rewrite just to HTTP 201 Created responses?
Something like this?
if { [HTTP::status] == 201 && [string tolower [HTTP::header Location]] starts_with "http://$host" } {
    HTTP::header replace Location [string map -nocase "http://$host https://$host" [HTTP::header Location]]
}
Thank you,
Scott
29-Nov-2012 08:56
29-Nov-2012 22:23
[root@ve10:Active] config b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.79:443
   ip protocol 6
   rules myrule
   profiles {
      clientssl {
         clientside
      }
      http {}
      tcp {}
   }
}
[root@ve10:Active] config b pool foo list
pool foo {
   members 200.200.200.101:80 {}
}
[root@ve10:Active] config b rule myrule list
rule myrule {
   when HTTP_RESPONSE {
      if { [HTTP::status] == 201 && [string tolower [HTTP::header Location]] starts_with "http://"} {
         HTTP::header replace Location [string map -nocase "http:// https://" [HTTP::header Location]]
      }
   }
}
[root@ve10:Active] config ssldump -Aed -nni 0.0 port 443 or port 80 -k /config/ssl/ssl.key/default.key
New TCP connection 1: 172.28.19.251(35846) <-> 172.28.19.79(443)
1 1 1354259681.9517 (0.0230) C>S SSLv2 compatible client hello
1 2 1354259681.9518 (0.0000) S>CV3.1(81) Handshake
1 3 1354259681.9518 (0.0000) S>CV3.1(953) Handshake
1 4 1354259681.9518 (0.0000) S>CV3.1(4) Handshake
1 5 1354259681.9537 (0.0019) C>SV3.1(262) Handshake
1 6 1354259681.9537 (0.0000) C>SV3.1(1) ChangeCipherSpec
1 7 1354259681.9537 (0.0000) C>SV3.1(36) Handshake
1 8 1354259681.9718 (0.0180) S>CV3.1(1) ChangeCipherSpec
1 9 1354259681.9718 (0.0000) S>CV3.1(36) Handshake
1 10 1354259681.9736 (0.0018) C>SV3.1(325) application_data
---------------------------------------------------------------
POST /SCFileserver/text/ HTTP/1.1
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Accept: */*
Host: stage.test.com
Content-Length: 14
Content-Type: application/x-www-form-urlencoded
Text Example 1---------------------------------------------------------------
New TCP connection 2: 200.200.200.10(35846) <-> 200.200.200.101(80)
1354259681.9746 (0.0009) C>S
---------------------------------------------------------------
POST /SCFileserver/text/ HTTP/1.1
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Accept: */*
Host: stage.test.com
Content-Length: 14
Content-Type: application/x-www-form-urlencoded
Text Example 1---------------------------------------------------------------
1354259681.9756 (0.0009) S>C
---------------------------------------------------------------
HTTP/1.1 201 Created
Server: Apache-Coyote/1.1
X-UA-Compatible: IE=EmulateIE8
Location: http://stage.test.com/SCFileserver/text/text655bf2cb-7c91-438b-81e0-3fe0469208a1
Content-Length: 0
Date: Wed, 28 Nov 2012 22:58:29 GMT
Set-Cookie: BIGipServerStage1_Pool=2365657260.33315.0000; path=/
---------------------------------------------------------------
1 11 1354259681.9757 (0.0021) S>CV3.1(310) application_data
---------------------------------------------------------------
HTTP/1.1 201 Created
Server: Apache-Coyote/1.1
X-UA-Compatible: IE=EmulateIE8
Location: https://stage.test.com/SCFileserver/text/text655bf2cb-7c91-438b-81e0-3fe0469208a1
Content-Length: 0
Date: Wed, 28 Nov 2012 22:58:29 GMT
Set-Cookie: BIGipServerStage1_Pool=2365657260.33315.0000; path=/
---------------------------------------------------------------
2 1354259681.9757 (0.0000) S>C TCP FIN
1 1354259681.9757 (0.0000) S>C TCP FIN
1 12 1354259681.9768 (0.0010) C>SV3.1(22) Alert
1 1354259681.9778 (0.0010) C>S TCP FIN
2 1354259681.9779 (0.0021) C>S TCP FIN
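
Added example, not part of the original thread and not code from either poster: an iRule variant of the 201-only rewrite discussed above. `string map` replaces every occurrence of `http://` in the header value, so this version rewrites only the leading scheme, and only when the Location points back at the host the client requested. The `host` and `loc` variables and the `HTTP::header exists` guard are choices made for this example.

```tcl
when HTTP_REQUEST {
    # Remember the Host header the client sent (assumption: the pool member
    # builds its Location from this same host name, as in the capture above).
    set host [string tolower [HTTP::host]]
}

when HTTP_RESPONSE {
    # Only touch 201 Created responses that actually carry a Location header.
    if { [HTTP::status] == 201 && [HTTP::header exists Location] } {
        set loc [HTTP::header Location]

        # Match scheme and host at the start of the value only.
        if { [string tolower $loc] starts_with "http://$host" } {
            # Drop the 7-character "http://" prefix and prepend "https://".
            # Unlike string map, a later "http://" inside the path or query
            # string of the Location is left untouched.
            HTTP::header replace Location "https://[string range $loc 7 end]"
        }
    }
}
```

Verify the result the same way the thread does: repeat the curl POST against the virtual server and confirm the `Location` in the 201 response starts with `https://`.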