Rewrite http:// to https:// in response content
Problem this snippet solves: (Maybe I missed it, but) I didn't see a code share for using a STREAM profile to rewrite content from http to https. This share is just to make it easier to find a simple iRule to replace http:// links in page content to https://. It's taken directly from the STREAM::expression Wiki page. How to use this snippet: You'll need to assign a STREAM profile to you virtual server in order for this to work (just create an empty stream profile and assign it). Code : # Example which replaces http:// with https:// in response content # Prevents server compression in responses when HTTP_REQUEST { # Disable the stream filter for all requests STREAM::disable # LTM does not uncompress response content, so if the server has compression enabled # and it cannot be disabled on the server, we can prevent the server from # sending a compressed response by removing the compression offerings from the client HTTP::header remove "Accept-Encoding" } when HTTP_RESPONSE { # Check if response type is text if {[HTTP::header value Content-Type] contains "text"}{ # Replace http:// with https:// STREAM::expression {@http://@https://@} # Enable the stream filter for this response only STREAM::enable } } Tested this on version: 11.5
LineRate HTTP to HTTPS redirect
Here's a quick LineRate proxy code snippet to convert an HTTP request to a HTTPS request using the embedded Node.js engine. The relevant parts of the LineRate proxy config are below, as well. By modifying the redirect_domain variable, you can redirect HTTP to HTTPS as well as doing a non-www to a www redirect. For example, you can redirect a request for http://example.com to https://www.example.com . The original URI is simply appended to the redirected request, so a request for http://example.com/page1.html will be redirected to https://www.example.com/page1.html . This example uses the self-signed SSL certificate that is included in the LineRate distribution. This is fine for testing, but make sure to create a new SSL profile with your site certificate and key when going to production. As always, the scripting docs can be found here. redirect.js: Put this script in the default scripts directory - /home/linerate/data/scripting/proxy/ and update the redirect_domain and redirect_type variables for your environment. "use strict"; var vsm = require('lrs/virtualServerModule'); // domain name to which to redirect var redirect_domain = 'www.example.com'; // type of redirect. 301 = temporary, 302 = permanent var redirect_type = 302; vsm.on('exist', 'vs_example.com', function(vs) { console.log('Redirect script installed on Virtual Server: ' + vs.id); vs.on('request', function(servReq, servResp, cliReq) { servResp.writeHead(redirect_type, { 'Location': 'https://' + redirect_domain + servReq.url }); servResp.end(); }); }); LineRate config: real-server rs1 ip address 10.1.2.100 80 admin-status online ! virtual-ip vip_example.com ip address 192.0.2.1 80 admin-status online ! virtual-ip vip_example.com_https ip address 192.0.2.1 443 attach ssl profile self-signed admin-status online ! virtual-server vs_example.com attach virtual-ip vip_example.com default attach real-server rs1 ! virtual-server vs_example.com_https attach virtual-ip vip_example.com_https default attach real-server rs1 ! script redirect source file "proxy/redirect.js" admin-status online Example: user@m1:~/ > curl -L -k -D - http://example.com/test HTTP/1.1 302 Found Location: https://www.example.com/test Date: Wed, 03-Sep-2014 16:39:53 GMT Transfer-Encoding: chunked HTTP/1.1 200 OK Content-Type: text/plain Date: Wed, 03-Sep-2014 16:39:53 GMT Transfer-Encoding: chunked hello world
How to overcome "Only secure content is displayed"?
Hi, I am load balancing to a web server which uses backdrop mapping. I have created an Virtual Server listening on HTTP which applies the "_sys_https_redirect" iRule to redirect from HTTP to HTTPS which contains the following: when HTTP_REQUEST { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] } I have then created a second Virtual Server listening on HTTPS that presents the SSL certificate and then simply load balances to the pool members (passing traffic to them on TCP port 80). The problem that I am getting is that some pages contain backdrop mapping from openstreetmap.org (URL is similar to http://a.tile.openstreetmap.org/b/c/d/png where a b c and d can vary). Firefox and Chrome do not display this embedded backdrop mapping but Internet Explorer does at least show a message saying "Only secure content is displayed". If I then click on the "Show all content" button, the mapping does appear. I have searched the forums and have tried creating a custom http profile with edited "Request header insert" to insert the X-Forwarded-Proto but must be doing it wrong as i get an error "01070373:3: Invalid Header Insert 'X-Forwarded-Proto' for profile /Common/http_osnet. name:value must be ":" separated" I am fairly new to LTM so any help greatly appreciated.
*Redirect http to https for Internet clients but not private clients*
How to Redirect all clients from http to https for Internet clients but allow http to private client IP? Following is not working properly: when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals 10.0.0.0/8] or [IP::addr [IP::client_addr] equals 192.168.1.0/24]} { set redirect 0 } else { set redirect 1 } } when HTTP_REQUEST { if {$redirect}{ HTTP::redirect "https://[HTTP::host][HTTP::uri]" } }
How to redirect Https to Https respons ?
Hii Everyone, I have a problem with our client application Web. I have VS port 443 (using SSL) and pool member 80. (IP VS 192.168.x.x:443 --> pool member 10.45.x.x:80 ) When client access port 443 at homepage still 443, but when user login to the homepage, its redirected from 443 to http (80). When I dump, the response from server is true (respons 443 TLS) because F5 respons must be 443. The problem is why the user after login to the homepage redirected to HTTP, not HTTPS ? We can't using this step: 1. we cannot change the pool member port 80 to member 443 because port 80 still use for internal application, so we cannot create redirected VS http to https. 2. Server can be change from 80 to port 443 becausehave not received permission from the client management. So the question is : Any irules to change the respons server to https when user login to the homepage ??? Thankyou.
Rewrite profile - any better way?
Hi, I wonder is there is any simpler way to achieve something described below: Scenario: Single VS - IP mapped to few external FQDNs Each external FQDN maps to virtual host on the same backend server (so traffic accepted only if there is Host header match in request send from BIG-IP to backend) There is possibility that some links returned from backend (in content) are not relative and can use backend srv FQDN. Setup: Local Traffic Policy forwarding traffic to appropriate pool based on host header in request from client - sure it could be one pool but because FQDN nodes has to be used I guess separate pools are needed - or not? Then Rewrite profile with URI rules for each ext FQDN to int FQDN with Rewrite Header, Rewrite content set, like * -> * -> * -> * and so on When redirect from http to https (send from backend) is needed then another Rewrite profile is necessary for HTTPS VS: * -> * -> * -> * and so on It is working OK but requires plenty of objects to be configured, everything has to be entered by hand, in few places and cause a lot of work and possibility to make mistake :-( Is there any other way (simpler, less error prone) to achieve the same goal? Piotr
Cookie with HTTP to HTTPS connections and the need of OneConnect
Hello, We need to preserve COOKIE styckyness once the client is switching from HTTP to HTTPS and viceversa using the same VIPS (only the ports 443-80 are different of course) and the Nodes IPs behind as well. BIGIP stanadrd cookie is based on IP address and port (i.e. pool member), so it cannot be used to stick to the same node. Instead, we can use this iRule to generate a UIE COOKIE based only on the node IP: https://devcentral.f5.com/wiki/iRules.HttpToHTTPsCookiePersistence.ashx But this is still not working!! even when we browse at HTTP level without switching to HTTPS. In the sniffer traces taken on the LTM i clearly see that the client always sends the "bIPs" COOKIE generated by the LTM, so it should stick to the same sever behind, right? So finally we were suggested to enabled OneConnect to both HTTP/HTTPS VIPs due to the fact that Persistence is not working sometime when HTTP Keepalive is active. https://support.f5.com/kb/en-us/solutions/public/7000/900/sol7964.html I am not clear why do we need OneConnect. Why LTM does not persist in case HTTP keepalive is enabled? We cannot use OneConnect as we had some issues with the application, so we are stuck..SHAREPOINT REDIRECT IRULE ON LTM
What IRULE can be used to redirect a sharepoint website. I have a sharepoint url in my environment which management wants redirected to https://share.denison.net. https://share.dension.net is also currently functional and serving the same content like . Users on the Windows domain,only type and get automatically redirected to . How then do i redirect requests which load to to https://share.denison.net
HTTP to HTTPS
Hi, I was wondering if someone could help me with an irule that will redirect a site http://test.site.com:8050 to https:test.site.com:8050. The problem is it keeps getting stuck in a loop. I need it to know if its http to redirect but if the site comes in https then to not redirect the request again. Thanks!!!w3c iRule logging for Virtual Servers having http to https redirection iRule
Hi, I have been asked to verify the VS without w3c iRule in our LTMs and attach this iRule to them. Now, I have many VS in LTMs which have http to https redirection iRule attached to them and w3c iRule attached to VS listening on https. Could anyone of you please confirm whether I have to attach w3c iRule to both VS listening on http and https or would it suffice if I only attach it to VS with https as requests to http would be redirected to https VS. If I add w3c to both of the VS (http & https) would this create redundant logs as traffic to VS:http are redirected to VS:https. Can I have some clarification on this. Thanks in advance, MSK