Forum Discussion

willetzktysthk_
Sep 13, 2017

HTTPs rewrite

Hi

 

We have 2 Apache web servers configured for HTTP only. We have put our F5 big load balancer in front doing SSL, with the standard redirect iRule on a second VS. These 2 rules work fine, apart from the java scripts being blocked because they are served over HTTP. How do I set up a rule to rewrite the response to HTTPS?

 

Thanks

 

8 Replies

  • While you can fix this with an iRule, I would suggest that you don't when the LTM has the ability baked in. Try updating your applied HTTP Profile.

     

    Log in to the Management Console, navigate to your HTTP Profile and then go to the upper left and select the "Help" tab. It will display a description of each HTTP Profile option and explain what each option does.

     

    Look for "Redirect Rewrite". The "Matching" option should resolve your issue.

     

    Matching: Specifies that the system rewrites the URI in any HTTP redirect responses that match the request URI.

     

  • Thanks for the response, but this does not seem to work.

     

    The HTTP VS has the default HTTPS redirect rule:

     

    when HTTP_REQUEST { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] }

     

    And I applied the HTTP profile with rewrite set to match on both VSs, but I still get the requests for javascript on HTTP.

     

  • You could try a STREAM expression, something similar to this. (Note: replace "Java" with the real content type that your request has for Content-Type, and you will also need a streams profile attached to your VS.)

    when HTTP_RESPONSE {
        if { [HTTP::header value Content-Type] contains "Java" } {
            STREAM::expression {@http://@https://@}
            STREAM::enable
        }
    }
    
  • Thanks for the response

    I added the default stream profile and created the following iRule for the HTTPS VS:

    when HTTP_REQUEST {
        # tell server not to compress response
        HTTP::header remove Accept-Encoding

        # disable STREAM for request flow
        STREAM::disable
    }
    when HTTP_RESPONSE {
        # catch and replace redirect headers
        if { [HTTP::header exists Location] } {
            HTTP::header replace Location [string map {"http://" "https://"} [HTTP::header Location]]
        }

        # only look at text data
        if { [HTTP::header Content-Type] contains "text" } {
            # create a STREAM expression to replace any http:// with https://
            STREAM::expression [list {@http://@https://@} {@:80@:443@}]

            # enable STREAM
            STREAM::enable
        }
    }

    This has fixed the http https issues, but now it has broken the authentication. It is using Apache NTLM and I am just getting 401 and 403 errors when the java asks for any xhr content.

  • Run a developer trace in your client app browser, or packet capture to see if the java piece is adding in the challenge/response to the 401 auth request.

     

  • Sorry to hear that it did not work for you. Another option is to add the following on your HTTPS Virtual Server:

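    when HTTP_RESPONSE {
        # rewrite only redirects whose Location uses plain http
        if { [URI::protocol [HTTP::header "Location"]] eq "http" } {
            # everything after the "//" of the original Location value
            set path [findstr [HTTP::header "Location"] "//" 2]
            HTTP::header replace "Location" "https://$path"
        }
    }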
    
  • Hi

    With this iRule the mixed content error is back again. It is not rewriting the xhr requests again.

    Thanks

    The apache server has the following config

            RewriteEngine On
            RewriteCond %{SERVER_NAME} ^(.*)$
            RewriteRule ^(.*)$ - [E=SERVER_NAME:%1,NS]
            RewriteCond %{SERVER_PORT} ^(.*)$ 
            RewriteRule ^(.*)$ - [E=SERVER_PORT:%1,NS] 
            RequestHeader setifempty X-Remote-Address "%{SERVER_NAME}e:%{SERVER_PORT}e"
    
            RewriteCond %{LA-U:REMOTE_USER} ^(.*)$
            RewriteRule ^(.*)$ - [E=RU:%1,NS]
            RequestHeader setifempty X-Forwarded-User %{RU}e 
    
            RewriteCond %{LA-U:HTTPS} ^(.*)$
            RewriteRule ^(.*)$ - [E=RP:%1,NS]
            RequestHeader setifempty X-Forwarded-Https %{RP}e
    
  • It looks like it drops the jsessionid of the post request

     

    Working http

     

    send @ jquery-2.2.1.min.js;jsessionid=D85BBC2851E04794EE902350EE1455BD.tomcatB:4

     

    Broken https

     

    send@ jquery-2.2.1.min.js:4

     

    Thanks
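
Added example, not part of the thread: the STREAM rule posted above replaces every `http://` and every `:80` in text responses. The plain Tcl below (iRules are Tcl; this runs in tclsh, not on a BIG-IP) models both substitutions on constructed markup and contrasts them with a rewrite limited to the site's own hostname. The hostname `app.example.com`, the proc names and the sample markup are assumptions.

```tcl
# Added example: models the rewrite rules from the thread in plain Tcl.
# Hostname and sample markup are constructed; proc names are hypothetical.

# Blanket substitution, same pairs as the thread's STREAM::expression list.
proc rewrite_blanket {body} {
    return [string map {"http://" "https://" ":80" ":443"} $body]
}

# Rewrite only absolute URLs that point at our own host on port 80.
proc rewrite_scoped {body host} {
    # Backslash-escape every non-alphanumeric so the host is matched literally.
    set h [regsub -all {[^A-Za-z0-9]} $host {\\&}]
    # Optional explicit :80, then a lookahead that refuses to match when the
    # host or port continues (other ports, look-alike longer hostnames).
    set re "http://${h}(?::80)?(?!\[A-Za-z0-9.:-\])"
    return [regsub -all -- $re $body "https://$host"]
}

# Constructed sample response body.
set sample {<script src="http://app.example.com/js/app.js"></script>
<script src="http://app.example.com:80/js/xhr.js"></script>
<a href="http://app.example.com:8080/admin">other service</a>
<img src="http://cdn.example.net/logo.png">
<p>Listen on 0.0.0.0:8080 for the agent.</p>}

puts "--- blanket ---"
puts [rewrite_blanket $sample]
puts "--- scoped ---"
puts [rewrite_scoped $sample "app.example.com"]
```

In the blanket output `:8080` becomes `:44380` and the third-party `cdn.example.net` URL is switched to HTTPS whether or not that host serves it; the scoped version changes only the first two lines.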