Forum Discussion

Scott_Grantham_
Nov 29, 2012

Location header rewrite, but only on HTTP 201 events

Hello, we have an LTM doing SSL offloading and balancing for a pool of JBoss servers. Because the LTM talks HTTP to the JBoss pool, some Location headers were returning as http instead of https.

Example POST with http Location header:

    curl -v -X POST -u username:password https://stage.test.com/SCFileserver/text/ --data-ascii 'Text Example 1'
    >
    > Text Example 1HTTP/1.1 201 Created
    < Server: Apache-Coyote/1.1
    < X-UA-Compatible: IE=EmulateIE8
    < Location: http://stage.test.com/SCFileserver/text/text655bf2cb-7c91-438b-81e0-3fe0469208a1
    < Content-Length: 0
    < Date: Wed, 28 Nov 2012 22:58:29 GMT
    < Set-Cookie: BIGipServerStage1_Pool=2365657260.33315.0000; path=/

Normally not a problem for a web browser-- the LTM has an iRule to redirect http requests to https-- but our Java app does not handle the 302 redirect to https from the LTM correctly so we want to rewrite the Location header to be https.

It was easy to find an iRule on DevCentral that would ReWrite https into a redirect message, I used this one:

https://devcentral.f5.com/wiki/iRul...iting.ashx

I removed [HTTP::is_redirect] && from line 27 since we want to rewrite the Location before the redirect has a chance to happen.

This seems to work for us as shown in this example after the iRule is applied to the virtual server:

    curl -v -X POST -u username:password https://stage.test.com/SCFileserver/text/ --data-ascii 'Text Example 2'
    >
    > Text Example 2HTTP/1.1 201 Created
    < Server: Apache-Coyote/1.1
    < X-UA-Compatible: IE=EmulateIE8
    < Location: https://stage.test.com/SCFileserver/text/text77cda4f2-4e2f-46e7-9b57-48ec519d8df0
    < Content-Length: 0
    < Date: Wed, 28 Nov 2012 23:06:37 GMT
    < Set-Cookie: BIGipServerStage1_Pool=2365657260.33315.0000; path=/

My questions-- is this the best method of changing the Location header in the response, and is there a way to apply the rewrite just to HTTP 201 Created responses?

Something like this?

    # $host is not defined in this fragment; it has to be set earlier in the iRule
    if { [HTTP::status] == 201 && [string tolower [HTTP::header Location]] starts_with "http://$host"} {
        HTTP::header replace Location [string map -nocase "http://$host https://$host" [HTTP::header Location]]
    }

Thank you,

Scott

2 Replies

  • Just to clarify, all you want to do is rewrite the Location header in 201 responses? Nothing else?
  • your irule looks fine to me.

    [root@ve10:Active] config  b virtual bar list
    virtual bar {
       snat automap
       pool foo
       destination 172.28.19.79:443
       ip protocol 6
       rules myrule
       profiles {
          clientssl {
             clientside
          }
          http {}
          tcp {}
       }
    }
    [root@ve10:Active] config  b pool foo list
    pool foo {
       members 200.200.200.101:80 {}
    }
    [root@ve10:Active] config  b rule myrule list
    rule myrule {
       when HTTP_RESPONSE {
      if { [HTTP::status] == 201 && [string tolower [HTTP::header Location]] starts_with "http://"} {
        HTTP::header replace Location [string map -nocase "http:// https://" [HTTP::header Location]]
      }
    }
    }
    
    [root@ve10:Active] config  ssldump -Aed -nni 0.0 port 443 or port 80 -k /config/ssl/ssl.key/default.key
    New TCP connection 1: 172.28.19.251(35846) <-> 172.28.19.79(443)
    1 1  1354259681.9517 (0.0230)  C>S SSLv2 compatible client hello
    1 2  1354259681.9518 (0.0000)  S>CV3.1(81)  Handshake
    1 3  1354259681.9518 (0.0000)  S>CV3.1(953)  Handshake
    1 4  1354259681.9518 (0.0000)  S>CV3.1(4)  Handshake
    1 5  1354259681.9537 (0.0019)  C>SV3.1(262)  Handshake
    1 6  1354259681.9537 (0.0000)  C>SV3.1(1)  ChangeCipherSpec
    1 7  1354259681.9537 (0.0000)  C>SV3.1(36)  Handshake
    1 8  1354259681.9718 (0.0180)  S>CV3.1(1)  ChangeCipherSpec
    1 9  1354259681.9718 (0.0000)  S>CV3.1(36)  Handshake
    1 10 1354259681.9736 (0.0018)  C>SV3.1(325)  application_data
        ---------------------------------------------------------------
        POST /SCFileserver/text/ HTTP/1.1
        Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
        User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
        Accept: */*
        Host: stage.test.com
        Content-Length: 14
        Content-Type: application/x-www-form-urlencoded
    
        Text Example 1---------------------------------------------------------------
    New TCP connection 2: 200.200.200.10(35846) <-> 200.200.200.101(80)
    1354259681.9746 (0.0009)  C>S
    ---------------------------------------------------------------
    POST /SCFileserver/text/ HTTP/1.1
    Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
    User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
    Accept: */*
    Host: stage.test.com
    Content-Length: 14
    Content-Type: application/x-www-form-urlencoded
    
    Text Example 1---------------------------------------------------------------
    
    1354259681.9756 (0.0009)  S>C
    ---------------------------------------------------------------
    HTTP/1.1 201 Created
    Server: Apache-Coyote/1.1
    X-UA-Compatible: IE=EmulateIE8
    Location: http://stage.test.com/SCFileserver/text/text655bf2cb-7c91-438b-81e0-3fe0469208a1
    Content-Length: 0
    Date: Wed, 28 Nov 2012 22:58:29 GMT
    Set-Cookie: BIGipServerStage1_Pool=2365657260.33315.0000; path=/
    
    ---------------------------------------------------------------
    
    1 11 1354259681.9757 (0.0021)  S>CV3.1(310)  application_data
        ---------------------------------------------------------------
        HTTP/1.1 201 Created
        Server: Apache-Coyote/1.1
        X-UA-Compatible: IE=EmulateIE8
        Location: https://stage.test.com/SCFileserver/text/text655bf2cb-7c91-438b-81e0-3fe0469208a1
        Content-Length: 0
        Date: Wed, 28 Nov 2012 22:58:29 GMT
        Set-Cookie: BIGipServerStage1_Pool=2365657260.33315.0000; path=/
    
        ---------------------------------------------------------------
    2    1354259681.9757 (0.0000)  S>C  TCP FIN
    1    1354259681.9757 (0.0000)  S>C  TCP FIN
    1 12 1354259681.9768 (0.0010)  C>SV3.1(22)  Alert
    1    1354259681.9778 (0.0010)  C>S  TCP FIN
    2    1354259681.9779 (0.0021)  C>S  TCP FIN
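
A stricter variant of the 201-only rewrite, added here as an example and not posted by anyone in the thread: it swaps only the leading scheme, and only when the Location points at the host the client requested, whereas `string map` replaces every `http://` in the value, including one inside a query string. The variable names (`req_host`, `loc`, `prefix`, `plen`, `next`) are illustrative, and a virtual server with an HTTP profile is assumed.

```tcl
# Added example, not from the thread; variable names are illustrative.
when HTTP_REQUEST {
    # Remember the requested host, lower-cased, for the response-side check.
    set req_host [string tolower [HTTP::host]]
}

when HTTP_RESPONSE {
    # Only 201 Created responses that actually carry a Location header.
    if { [HTTP::status] != 201 || ![HTTP::header exists Location] } {
        return
    }
    set loc    [HTTP::header value Location]
    set prefix "http://$req_host"
    set plen   [string length $prefix]

    # Scheme and host must match at the very start of the value,
    # compared case-insensitively.
    if { ![string equal -nocase -length $plen $prefix $loc] } {
        return
    }

    # The character after the host must end the authority part, so that
    # http://stage.test.com.example.net/ is not taken for our own host.
    # A Location with an explicit port (":") is left alone, because
    # changing only the scheme would keep the plain-HTTP port number.
    # An empty req_host (no Host header) also ends up here and is skipped.
    set next [string index $loc $plen]
    if { $next ne "" && [string first $next "/?#"] < 0 } {
        return
    }

    # Replace just the leading "http://" (7 characters); the rest of the
    # URL, including any http:// inside a query string, is untouched.
    HTTP::header replace Location "https://[string range $loc 7 end]"
}
```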