Forum Discussion

EddieV_26235's avatar
EddieV_26235
Icon for Nimbostratus rankNimbostratus
Nov 09, 2011

rewriting location header data

I'll just jump right into the good stuff. Here's my scenario:

 

 

wget --no-check-certificate -S "https://69.80.196.153/zap?aid=10000066&sid=6&can=fffffffffffffffe" -O /dev/null 2>&1 | grep " Location: " | grep --color "http://"

 

Location: https://bh.contextweb.com/bh/rtset?do=add&pid=536088&ev=4614711881901867008&rurl=http://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb%26can=fffffffffffffffe

 

Location: http://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb&can=fffffffffffffffe

 

Location: http://ib.adnxs.com/getuid?http://matcher-apx.bidder7.mookie1.com/appnexus?can=ffffffffffffffee%26adnxs_uid=$UID

 

 

 

 

A customer has requested to see if the possibility exists to rewrite the location headers from http to https. The first "location: https" is the F5. We are terminating the ssl connection on the F5 and passing the connection to a pool of servers on port 80. We are using an HTTP profile to rewrite the response to https. Is it possible to rewrite the rest of the location headers in the response?

 

 

 

I found and tried the iRule below but didn't work:

 

 

 

when HTTP_RESPONSE {

 

 

Check if response type is text

 

if {[HTTP::header value Content-Type] contains "text"}{

 

 

Replace http:// with https://

 

STREAM::expression {@http://@https://@}

 

 

Enable the stream filter for this response only

 

STREAM::enable

 

}

 

}

 

 

application delivery
dev
devops
iRules

9 Replies

Sort By
  • Michael_Yates's avatar
    Michael_Yates
    Icon for Nimbostratus rankNimbostratus
    Nov 09, 2011
    Hi EddieV,

     

     

    Did you create a blank stream profile and apply it to the Virtual Server and create a custom HTTP Profile that has the "Response Chunking" set to "Rechunk"?
  • EddieV_26235's avatar
    EddieV_26235
    Icon for Nimbostratus rankNimbostratus
    Nov 09, 2011
    Using the default stream profile. I'm not familiar with stream at all. The F5 alerted me to enable when I applied the iRule with the stream expression.

     

     

    Response chunking set to Selective
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Nov 09, 2011
    are bh.contextweb.com, matcher-cwb.bidder7.mookie1.com and ib.adnxs.com under F5 i.e. virtual server? 

     wget --no-check-certificate -S "https://69.80.196.153/zap?aid=10000066&sid=6&can=fffffffffffffffe" -O /dev/null 2>&1 | grep "Location:"
  Location: /zap-set?aid=10000066&sid=6&can=fffffffffffffffe
Location: /zap-set?aid=10000066&sid=6&can=fffffffffffffffe [following]
  Location: https://bh.contextweb.com/bh/rtset?do=add&pid=536088&ev=4614500775662583808&rurl=http://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb%26can=fffffffffffffffe
Location: https://bh.contextweb.com/bh/rtset?do=add&pid=536088&ev=4614500775662583808&rurl=http://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb%26can=fffffffffffffffe [following]
  Location: http://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb&can=fffffffffffffffe
Location: http://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb&can=fffffffffffffffe [following]
  Location: /do-association-set?return=ctxweb&can=fffffffffffffffe
Location: /do-association-set?return=ctxweb&can=fffffffffffffffe [following]
  Location: http://ib.adnxs.com/getuid?http://matcher-apx.bidder7.mookie1.com/appnexus?can=ffffffffffffffee%26adnxs_uid=$UID
Location: http://ib.adnxs.com/getuid?http://matcher-apx.bidder7.mookie1.com/appnexus?can=ffffffffffffffee%26adnxs_uid=$UID [following]
  • EddieV_26235's avatar
    EddieV_26235
    Icon for Nimbostratus rankNimbostratus
    Nov 09, 2011

    Nitass,

     

     

     

    I'm trying to get a definitive answer from my customer regarding that right now. Thank you for the response.
  • EddieV_26235's avatar
    EddieV_26235
    Icon for Nimbostratus rankNimbostratus
    Nov 09, 2011
    I tried to use rechunk and no success.

     

     

    I'm working on restating the problem.

     

  • EddieV_26235's avatar
    EddieV_26235
    Icon for Nimbostratus rankNimbostratus
    Nov 09, 2011
    Looks like an answer was found and for specific instances:

     

     

    when HTTP_RESPONSE {

     

     

    if { [string tolower [HTTP::header "Location"]] contains "?http" } {

     

    HTTP::header replace "Location" [string map -nocase {?http: ?https:} [HTTP::header "Location"]]

     

    }

     

     

    if { [string tolower [HTTP::header "Location"]] contains "=http" } {

     

    HTTP::header replace "Location" [string map -nocase {=http =https} [HTTP::header "Location"]]

     

    }

     

     

    if { [string tolower [HTTP::header "Location"]] contains "&http" } {

     

    HTTP::header replace "Location" [string map -nocase {&http &https} [HTTP::header "Location"]]

     

    }

     

    }
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Nov 10, 2011
    with http profile, stream profile will replace only http payload.

    without http profile, it will replace tcp payload which includes http header. 

    [root@ve1023:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.65.152:https
   ip protocol tcp
   profiles {
      clientssl {
         clientside
      }
      myhttp {}
      tcp {}
   }
}
[root@ve1023:Active] config  b profile myhttp list
profile http myhttp {
   defaults from http
   redirect rewrite all
}

[root@centos251 ~] cat /etc/hosts
172.28.65.152   bh.contextweb.com matcher-cwb.bidder7.mookie1.com ib.adnxs.com

[root@centos251 ~] wget --no-check-certificate -S "https://172.28.65.152/zap?aid=10000066&;sid=6&;can=fffffffffffffffe" -O /dev/null 2>&1|grep -i location
  Location: https://172.28.65.152/zap-set?aid=10000066&%3bsid=6&%3bcan=fffffffffffffffe
Location: https://172.28.65.152/zap-set?aid=10000066&%3bsid=6&%3bcan=fffffffffffffffe [following]
  Location: https://bh.contextweb.com/bh/rtset?do=add&%3bpid=536088&%3bev=4614500775662583808&%3brurl=http://matcher-cwb.bidder7.mookie1.com/do-association%3freturn=ctxweb6can=fffffffffffffffe
Location: https://bh.contextweb.com/bh/rtset?do=add&%3bpid=536088&%3bev=4614500775662583808&%3brurl=http://matcher-cwb.bidder7.mookie1.com/do-association%3freturn=ctxweb6can=fffffffffffffffe [following]
  Location: https://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb&%3bcan=fffffffffffffffe
Location: https://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb&%3bcan=fffffffffffffffe [following]
  Location: https://matcher-cwb.bidder7.mookie1.com/do-association-set?return=ctxweb&%3bcan=fffffffffffffffe
Location: https://matcher-cwb.bidder7.mookie1.com/do-association-set?return=ctxweb&%3bcan=fffffffffffffffe [following]
  Location: https://ib.adnxs.com/getuid?http://matcher-apx.bidder7.mookie1.com/appnexus%3fcan=ffffffffffffffee6adnxs_uid=$UID
Location: https://ib.adnxs.com/getuid?http://matcher-apx.bidder7.mookie1.com/appnexus%3fcan=ffffffffffffffee6adnxs_uid=$UID [following]


[root@ve1023:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.65.152:https
   ip protocol tcp
   profiles {
      clientssl {
         clientside
      }
      mystream {}
      tcp {}
   }
}
[root@ve1023:Active] config  b profile mystream list
profile stream mystream {
   defaults from stream
   source "http://"
   target "https://"
}

[root@centos251 ~] cat /etc/hosts
172.28.65.152   bh.contextweb.com matcher-cwb.bidder7.mookie1.com ib.adnxs.com

[root@centos251 ~] wget --no-check-certificate -S "https://172.28.65.152/zap?aid=10000066&;sid=6&;can=fffffffffffffffe" -O /dev/null 2>&1|grep -i location
  Location: https://172.28.65.152/zap-set?aid=10000066&%3bsid=6&%3bcan=fffffffffffffffe
Location: https://172.28.65.152/zap-set?aid=10000066&%3bsid=6&%3bcan=fffffffffffffffe [following]
  Location: https://bh.contextweb.com/bh/rtset?do=add&%3bpid=536088&%3bev=4614500775662583808&%3brurl=https://matcher-cwb.bidder7.mookie1.com/do-association%3freturn=ctxweb6can=fffffffffffffffe
Location: https://bh.contextweb.com/bh/rtset?do=add&%3bpid=536088&%3bev=4614500775662583808&%3brurl=https://matcher-cwb.bidder7.mookie1.com/do-association%3freturn=ctxweb6can=fffffffffffffffe [following]
  Location: https://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb&%3bcan=fffffffffffffffe
Location: https://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb&%3bcan=fffffffffffffffe [following]
  Location: https://matcher-cwb.bidder7.mookie1.com/do-association-set?return=ctxweb&%3bcan=fffffffffffffffe
Location: https://matcher-cwb.bidder7.mookie1.com/do-association-set?return=ctxweb&%3bcan=fffffffffffffffe [following]
  Location: https://ib.adnxs.com/getuid?https://matcher-apx.bidder7.mookie1.com/appnexus%3fcan=ffffffffffffffee6adnxs_uid=$UID
Location: https://ib.adnxs.com/getuid?https://matcher-apx.bidder7.mookie1.com/appnexus%3fcan=ffffffffffffffee6adnxs_uid=$UID [following]

    hope this helps.
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Nov 10, 2011
    just in case you want to use HTTP::is_redirect. 

    [root@ve1023:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.65.152:https
   ip protocol tcp
   rules myrule
   profiles {
      clientssl {
         clientside
      }
      http {}
      tcp {}
   }
}
[root@ve1023:Active] config  b rule myrule list
rule myrule {
   when HTTP_RESPONSE {
        if {[HTTP::is_redirect]} {
                HTTP::header replace Location [string map -nocase {http:// https://} [HTTP::header value Location]]
        }
}
}

[root@centos251 ~] cat /etc/hosts
172.28.65.152   bh.contextweb.com matcher-cwb.bidder7.mookie1.com ib.adnxs.com

[root@centos251 ~] wget --no-check-certificate -S "https://172.28.65.152/zap?aid=10000066&;sid=6&;can=fffffffffffffffe" -O /dev/null 2>&1|grep -i location
  Location: https://172.28.65.152/zap-set?aid=10000066&%3bsid=6&%3bcan=fffffffffffffffe
Location: https://172.28.65.152/zap-set?aid=10000066&%3bsid=6&%3bcan=fffffffffffffffe [following]
  Location: https://bh.contextweb.com/bh/rtset?do=add&%3bpid=536088&%3bev=4614500775662583808&%3brurl=https://matcher-cwb.bidder7.mookie1.com/do-association%3freturn=ctxweb6can=fffffffffffffffe
Location: https://bh.contextweb.com/bh/rtset?do=add&%3bpid=536088&%3bev=4614500775662583808&%3brurl=https://matcher-cwb.bidder7.mookie1.com/do-association%3freturn=ctxweb6can=fffffffffffffffe [following]
  Location: https://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb&%3bcan=fffffffffffffffe
Location: https://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb&%3bcan=fffffffffffffffe [following]
  Location: https://matcher-cwb.bidder7.mookie1.com/do-association-set?return=ctxweb&%3bcan=fffffffffffffffe
Location: https://matcher-cwb.bidder7.mookie1.com/do-association-set?return=ctxweb&%3bcan=fffffffffffffffe [following]
  Location: https://ib.adnxs.com/getuid?https://matcher-apx.bidder7.mookie1.com/appnexus%3fcan=ffffffffffffffee6adnxs_uid=$UID
Location: https://ib.adnxs.com/getuid?https://matcher-apx.bidder7.mookie1.com/appnexus%3fcan=ffffffffffffffee6adnxs_uid=$UID [following]
  • EddieV_26235's avatar
    EddieV_26235
    Icon for Nimbostratus rankNimbostratus
    Nov 10, 2011
    Thanks nitass. My initial use of stream was incorrect. Your second post HTTP::is_redirect is the method I ended up using.