
HTTPs rewrite

Hi

We have 2 apache web servers configured for http only. We have put our f5 big loadbalancer in front doing ssl with the standard redirect irule on a second VS. These 2 rules work fine apart from the java scripts being blocked, as they are being served over http. How do I set up a rule to rewrite the response to https?

Thanks

Comments on this Question
Comment made 2 months ago by Michael Yates 735

While you can fix this with an iRule, I would suggest that you don't when the LTM has the ability baked in. Try updating your applied HTTP Profile.

Log in to the Management Console, navigate to your HTTP Profile and then go to the upper left and select the "Help" Tab. It will display a description of each HTTP Profile Option and explain what each option does.

Look for "Redirect Rewrite". The "Matching" option should resolve your issue.

Matching: Specifies that the system rewrites the URI in any HTTP redirect responses that match the request URI.

0
Comment made 2 months ago by willetzktysthk 3

Thanks for the response but this does not seem to work.

The HTTP vs has the default https redirect rule

when HTTP_REQUEST {
    HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
}

And I applied the http profile with rewrite set to match on both VSs but I still get the requests for javascript on http

0
Comment made 2 months ago by RossVermette 288

You could try a STREAM expression, something similar to this. (Note: replace the "Java" with the real content-type that your request has for Content-Type, and you will also need a streams profile attached to your VS.)

when HTTP_RESPONSE {
    # only rewrite responses whose Content-Type matches
    if { [HTTP::header value Content-Type] contains "Java" } {
        STREAM::expression @http://@https://@
        STREAM::enable
    }
}
0
Comment made 2 months ago by willetzktysthk 3

Thanks for the response

I added the default stream profile and created the following irule for the HTTPS vs

when HTTP_REQUEST {
    ## tell server not to compress response
    HTTP::header remove Accept-Encoding

    ## disable STREAM for request flow
    STREAM::disable
}
when HTTP_RESPONSE {
    ## catch and replace redirect headers
    if { [HTTP::header exists Location] } {
        HTTP::header replace Location [string map {"http://" "https://"} [HTTP::header Location]]
    }

    ## only look at text data
    if { [HTTP::header Content-Type] contains "text" } {

        ## create a STREAM expression to replace any http:// with https://
        STREAM::expression [list {@http://@https://@} {@:80@:443@}]

        ## enable STREAM
        STREAM::enable
    }
}

This has fixed the http https issues but now it has broken the authentication. It is using apache ntlm and I am just getting 401 and 403 errors when the java asks for any xhr content

0
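A client-side check for the body rewrite discussed in this thread, as an added example that is not part of the thread or of F5's code: it lists `http://` references in script, link and iframe tags, and approximates the `{@http://@https://@} {@:80@:443@}` expressions with plain substring replacement (an assumption about how the stream profile matches). The sample body and hostnames are constructed; the run also shows that `:80` matches inside `:8080`.

```python
from html.parser import HTMLParser

# Tag/attribute pairs treated here as active content that browsers block on
# HTTPS pages (simplified: every <link href> is counted, not only stylesheets).
ACTIVE = {("script", "src"), ("link", "href"), ("iframe", "src")}


class MixedContentFinder(HTMLParser):
    """Collects http:// URLs referenced by active-content attributes."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in ACTIVE and value and value.lower().startswith("http://"):
                self.hits.append((tag, value))


def find_mixed_content(body):
    """Return (tag, url) pairs that would still load over plain HTTP."""
    finder = MixedContentFinder()
    finder.feed(body)
    return finder.hits


def emulate_stream_rewrite(body):
    """Approximate the thread's two STREAM expressions as substring replaces."""
    for old, new in (("http://", "https://"), (":80", ":443")):
        body = body.replace(old, new)
    return body


# Constructed sample response body; hostnames are placeholders.
SAMPLE = (
    '<script src="http://app.example.com/js/jquery-2.2.1.min.js"></script>\n'
    '<link rel="stylesheet" href="http://app.example.com:80/site.css">\n'
    '<a href="http://reports.example.com:8080/">reports</a>\n'
)

if __name__ == "__main__":
    print("before:", find_mixed_content(SAMPLE))
    rewritten = emulate_stream_rewrite(SAMPLE)
    print("after: ", find_mixed_content(rewritten))
    print(rewritten)  # note the :8080 link has become :44380
```

The check covers markup only; URLs built at runtime by script (such as XHR targets) have to be confirmed in the browser's developer tools.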
Comment made 2 months ago by RossVermette 288

Run a developer trace in your client app browser, or packet capture to see if the java piece is adding in the challenge/response to the 401 auth request.

0
Comment made 2 months ago by Michael Yates 735

Sorry to hear that it did not work for you. Another option is to add the following on your HTTPS Virtual Server:

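when HTTP_RESPONSE {
    # rewrite only redirects that point at plain http
    if { [URI::protocol [HTTP::header "Location"]] eq "http" } {
        # keep everything after the "//" (host, port and path)
        set path [findstr [HTTP::header "Location"] "//" 2]
        HTTP::header replace "Location" "https://$path"
    }
}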
0
Comment made 2 months ago by willetzktysthk 3

Hi

With this irule the mixed content error is back again. It is not rewriting the xhr requests again.

Thanks

The apache server has the following config

        RewriteEngine On
        RewriteCond %{SERVER_NAME} ^(.*)$
        RewriteRule ^(.*)$ - [E=SERVER_NAME:%1,NS]
        RewriteCond %{SERVER_PORT} ^(.*)$ 
        RewriteRule ^(.*)$ - [E=SERVER_PORT:%1,NS] 
        RequestHeader setifempty X-Remote-Address "%{SERVER_NAME}e:%{SERVER_PORT}e"

        RewriteCond %{LA-U:REMOTE_USER} ^(.*)$
        RewriteRule ^(.*)$ - [E=RU:%1,NS]
        RequestHeader setifempty X-Forwarded-User %{RU}e 

        RewriteCond %{LA-U:HTTPS} ^(.*)$
        RewriteRule ^(.*)$ - [E=RP:%1,NS]
        RequestHeader setifempty X-Forwarded-Https %{RP}e
0
Comment made 2 months ago by willetzktysthk 3

It looks like it drops the jsessionid of the post request

Working http

send @ jquery-2.2.1.min.js;jsessionid=D85BBC2851E04794EE902350EE1455BD.tomcatB:4

Broken https

send @ jquery-2.2.1.min.js:4

Thanks

0

Answers to this Question