cancel
Showing results for 
Search instead for 
Did you mean: 

Location header rewrite, but only on HTTP 201 events

Scott_Grantham_
Nimbostratus
Nimbostratus

 

Hello, we have an LTM doing SSL offloading and balancing for a pool of JBoss servers. Because the LTM talks HTTP to the JBoss pool, some Location headers were returning as http instead of https.

 

 

Example POST with http Location header:

 

 

curl -v -X POST -u username:password https://stage.test.com/SCFileserver/text/ --data-ascii 'Text Example 1'

 

>

 

> Text Example 1HTTP/1.1 201 Created

 

< Server: Apache-Coyote/1.1

 

< X-UA-Compatible: IE=EmulateIE8

 

< Location: http://stage.test.com/SCFileserver/text/text655bf2cb-7c91-438b-81e0-3fe0469208a1

 

< Content-Length: 0

 

< Date: Wed, 28 Nov 2012 22:58:29 GMT

 

< Set-Cookie: BIGipServerStage1_Pool=2365657260.33315.0000; path=/

 

 

 

Normally not a problem for a web browser-- the LTM has an iRule to redirect http requests to https-- but our Java app does not handle the 302 redirect to https from the LTM correctly so we want to rewrite the Location header to be https.

 

 

It was easy to find an iRule on DevCentral that would ReWrite https into a redirect message, I used this one:

 

 

https://devcentral.f5.com/wiki/iRul...iting.ashx

 

 

I removed [HTTP::is_redirect] && from line 27 since we want to rewrite the Location before the redirect has a chance to happen.

 

 

This seems to work for us as shown in this example after the iRule is applied to the virtual server:

 

 

curl -v -X POST -u username:password https://stage.test.com/SCFileserver/text/ --data-ascii 'Text Example 2'

 

>

 

> Text Example 2HTTP/1.1 201 Created

 

< Server: Apache-Coyote/1.1

 

< X-UA-Compatible: IE=EmulateIE8

 

< Location: https://stage.test.com/SCFileserver/text/text77cda4f2-4e2f-46e7-9b57-48ec519d8df0

 

< Content-Length: 0

 

< Date: Wed, 28 Nov 2012 23:06:37 GMT

 

< Set-Cookie: BIGipServerStage1_Pool=2365657260.33315.0000; path=/

 

 

 

My questions-- is this the best method of changing the Location header in the response, and is there a way to apply the rewrite just to HTTP 201 Created responses?

 

 

Something like this?

 

 

 

if { [HTTP::status] == 201 && [string tolower [HTTP::header Location]] starts_with "http://$host"} {

 

HTTP::header replace Location [string map -nocase "http://$host https://$host" [HTTP::header Location]]

 

 

Thank you,

 

 

Scott

 

 

 

2 REPLIES 2

What_Lies_Bene1
Cirrostratus
Cirrostratus
Just to clarify, all you want to do is rewrite the Location header in 201 responses? Nothing else?

nitass
F5 Employee
F5 Employee
your irule looks fine to me.

 

 

[root@ve10:Active] config b virtual bar list virtual bar { snat automap pool foo destination 172.28.19.79:443 ip protocol 6 rules myrule profiles { clientssl { clientside } http {} tcp {} } } [root@ve10:Active] config b pool foo list pool foo { members 200.200.200.101:80 {} } [root@ve10:Active] config b rule myrule list rule myrule { when HTTP_RESPONSE { if { [HTTP::status] == 201 && [string tolower [HTTP::header Location]] starts_with "http://"} { HTTP::header replace Location [string map -nocase "http:// https://" [HTTP::header Location]] } } } [root@ve10:Active] config ssldump -Aed -nni 0.0 port 443 or port 80 -k /config/ssl/ssl.key/default.key New TCP connection 1: 172.28.19.251(35846) <-> 172.28.19.79(443) 1 1 1354259681.9517 (0.0230) C>S SSLv2 compatible client hello 1 2 1354259681.9518 (0.0000) S>CV3.1(81) Handshake 1 3 1354259681.9518 (0.0000) S>CV3.1(953) Handshake 1 4 1354259681.9518 (0.0000) S>CV3.1(4) Handshake 1 5 1354259681.9537 (0.0019) C>SV3.1(262) Handshake 1 6 1354259681.9537 (0.0000) C>SV3.1(1) ChangeCipherSpec 1 7 1354259681.9537 (0.0000) C>SV3.1(36) Handshake 1 8 1354259681.9718 (0.0180) S>CV3.1(1) ChangeCipherSpec 1 9 1354259681.9718 (0.0000) S>CV3.1(36) Handshake 1 10 1354259681.9736 (0.0018) C>SV3.1(325) application_data --------------------------------------------------------------- POST /SCFileserver/text/ HTTP/1.1 Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ= User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Accept: */* Host: stage.test.com Content-Length: 14 Content-Type: application/x-www-form-urlencoded Text Example 1--------------------------------------------------------------- New TCP connection 2: 200.200.200.10(35846) <-> 200.200.200.101(80) 1354259681.9746 (0.0009) C>S --------------------------------------------------------------- POST /SCFileserver/text/ HTTP/1.1 Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ= User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Accept: */* Host: stage.test.com Content-Length: 14 Content-Type: application/x-www-form-urlencoded Text Example 1--------------------------------------------------------------- 1354259681.9756 (0.0009) S>C --------------------------------------------------------------- HTTP/1.1 201 Created Server: Apache-Coyote/1.1 X-UA-Compatible: IE=EmulateIE8 Location: http://stage.test.com/SCFileserver/text/text655bf2cb-7c91-438b-81e0-3fe0469208a1 Content-Length: 0 Date: Wed, 28 Nov 2012 22:58:29 GMT Set-Cookie: BIGipServerStage1_Pool=2365657260.33315.0000; path=/ --------------------------------------------------------------- 1 11 1354259681.9757 (0.0021) S>CV3.1(310) application_data --------------------------------------------------------------- HTTP/1.1 201 Created Server: Apache-Coyote/1.1 X-UA-Compatible: IE=EmulateIE8 Location: https://stage.test.com/SCFileserver/text/text655bf2cb-7c91-438b-81e0-3fe0469208a1 Content-Length: 0 Date: Wed, 28 Nov 2012 22:58:29 GMT Set-Cookie: BIGipServerStage1_Pool=2365657260.33315.0000; path=/ --------------------------------------------------------------- 2 1354259681.9757 (0.0000) S>C TCP FIN 1 1354259681.9757 (0.0000) S>C TCP FIN 1 12 1354259681.9768 (0.0010) C>SV3.1(22) Alert 1 1354259681.9778 (0.0010) C>S TCP FIN 2 1354259681.9779 (0.0021) C>S TCP FIN