I've perform ssl offload (http vs+redirect irule & https vs+offload) many website and see many which have mixed content issue.
Is stream irule is necessary and only way to fix mixed content issue?
The thing is when we see mixed content. we will use stream irule and most of the time, It's working fine.
But sometimes website will have new issue arise due to stream irule. (when take it out, it working fine. but we still have to click accept content from browser due to mixed content problem)
If the content is served via 3xx redirects then you can use the built in LTM functionality as described here: https://devcentral.f5.com/articles/rewriting-redirects
In addition, the irule described below is doing the same thing but provides further granularity:
Problem is mixed content is occur when HTTP 200 response and in it's payload contains http:// reference.
Even we change 304 location from http:// to https://. Mixed content will still occur.
So We have to change every "http://"; reference in HTTP payload to "https://";. Normally you will think of stream irule. but it's also the question, Is it necessary to use stream irule?
regarding mixed-contents. Bigip does not need to be involved in the problem.
except for redirection. for redirection, bigip can solver but I took too many resource.
All of problem can solve changing server`s source code.
If server can`t change code, bigip "help" to solve problem.
Being that the mixed content you describe is attributed to absolute URL's in the html response, an alternative to the steam profile is this ProxyPass irule that the redirect white paper hints at:
If absolute self-referencing links are embedded in the HTTP payload, you may need to build and apply a stream profile to perform the appropriate replacements. An iRule could also be used for more complex payload replacements if necessary. For the ultimate in redirect rewriting and all other things HTTP proxy, I direct your attention to the legendary ProxyPass iRule (https://devcentral.f5.com/wiki/default.aspx/iRules/ProxyPass.html) contributed to the DevCentral codeshare by Kirk Bauer (thanks, Kirk, for a very comprehensive & instructive example!
The irule has not been maintained for later versions though some users have fixed it manually (https://devcentral.f5.com/codeshare?sid=646)
The above discussion also hints at the html profile but I'm unsure if its possible in our use case.
I have not experimented with the above html profile solution. Its success would depend on if we successfully make a match statement with the html tags. I would have to see the payload in question to speculate further. The ProxyPass irule and the html profile could easily be tested in a lab.
Good luck and please let us know.