If you're only rewriting based on the content-type header value, you can look for the string "text" instead of enumerating every content-type you don't want to rewrite to https. This means you don't have to include image types and every other binary filetype. The msword, excel and powerpoint content-types should typically be "application/msword", etc. (Click here). They should not contain the word text.
Here is an example which implements the logic you suggested, followed by one that only rewrites text.

when HTTP_RESPONSE {

    # Disable the stream filter by default
    STREAM::disable

    # Check if we're rewriting the response
    switch -glob [string tolower [HTTP::header value Content-Type]] {
        "*msword*" -
        "*vnd.excel*" -
        "*ms-powerpoint*" {
            # Response isn't one we want to rewrite. Do nothing.
            log local0. "[IP::client_addr]:[TCP::client_port]: Not modifying response for response type [HTTP::header value Content-Type]"
        }
        default {
            # For all other responses, match any http:// instance and replace it with https:// in the response payload
            STREAM::expression {@http://@https://@}

            # Enable the stream filter for this response only
            STREAM::enable
            log local0. "[IP::client_addr]:[TCP::client_port]: Modifying response for response type [HTTP::header value Content-Type]"
        }
    }
}

when HTTP_RESPONSE {

    # Disable the stream filter by default
    STREAM::disable

    # Check if we're rewriting the response
    if {[HTTP::header value Content-Type] contains "text"} {

        # Match any http:// instance and replace it with https://
        STREAM::expression {@http://@https://@}

        # Enable the stream filter for this response only
        STREAM::enable
        log local0. "[IP::client_addr]:[TCP::client_port]: Modifying response for response type [HTTP::header value Content-Type]"
    }
}

Aaron
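
An added example, not part of the original post: an offline Python model of the two Content-Type checks above, useful for seeing which responses each rule would send through the stream filter before deploying it. The sample header values are constructed, and `fnmatchcase` and the `in` test stand in for `switch -glob` and `contains`.

```python
# Added illustration: offline model of the two Content-Type checks, not iRule code.
from fnmatch import fnmatchcase

# Glob patterns copied from the first iRule's switch statement.
SKIP_GLOBS = ("*msword*", "*vnd.excel*", "*ms-powerpoint*")


def rewrites_with_skip_list(content_type):
    """First iRule: rewrite unless the lowercased header matches a skip glob."""
    value = content_type.lower()
    return not any(fnmatchcase(value, g) for g in SKIP_GLOBS)


def rewrites_with_text_check(content_type):
    """Second iRule: rewrite only if the header contains "text" (case-sensitive)."""
    return "text" in content_type


def compare(content_types):
    """Return {content_type: (skip_list_decision, text_check_decision)}."""
    return {ct: (rewrites_with_skip_list(ct), rewrites_with_text_check(ct))
            for ct in content_types}


# Constructed sample header values (assumptions, not taken from the thread).
SAMPLES = [
    "text/html; charset=utf-8",
    "text/css",
    "application/javascript",
    "application/json",
    "image/png",
    "application/msword",
    "application/vnd.ms-excel",
    "application/vnd.ms-powerpoint",
    "",  # models a response with no Content-Type header
]

if __name__ == "__main__":
    for ct, (skip_list, text_only) in compare(SAMPLES).items():
        print(f"{ct!r:40} skip-list={skip_list!s:5} text-only={text_only}")
```

Running it shows where the two rules disagree: the skip-list rule still rewrites images, responses with no Content-Type, and `application/vnd.ms-excel` (which does not contain the substring `vnd.excel`), while the "text" rule leaves `application/javascript` and `application/json` untouched.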