Changing the body of a response

Hi Kevan,

 

 

You probably just need to enable Rewrite Redirects in the http profile attached to the vip. If you set that to "Matching" or "All" the LTM should capture those references and rewrite them.

 

 

Denny

Thanks for the idea. It did not fix the problem.

Sorry...I misread and thought that these references were 301 or 302 responses, but you're saying that the links are embedded in the payload (HTML or whatever). Fixing that is going to be a bit more complicated if the application isn't aware that it's being accessed by SSL on the front end.

 

 

I know that some applications (Outlook Web Access for example) will correctly handle this if you pass them a header that basically tells the application when you're offloading SSL (see SOL 6087 Click here ). So that may be one option.

 

 

Another option would be to do server-side re-encryption so that the LTM can still do iRules, cookie persist, etc, and the server still gets 443 connections. But this negates the performance gain from offloading SSL on the front end.

 

 

You could also enable a stream profile on the https vip that would capture any reference to http://a.b.c.d/something/ and rewrite it as https://a.b.c.d/something/, but that may not be granular enough (it would do that to any reference in the payload, not just the changed ones). I'm struggling to come up with iRule logic to handle that...anyone else have thoughts on that?

 

 

Denny

That was the pointer I needed, thanks!

 

 

The page is simple and requires all references to be changed. It also only occurs on a GET, and the bulk of the traffic comes from POST. So I think this will do the trick:

 

 

when HTTP_REQUEST {

 

set ReqMethod [HTTP::method]

 

}

 

 

when HTTP_RESPONSE {

 

if { $ReqMethod == "GET" }{

 

STREAM::disable

 

STREAM::expression @http://@https://@

 

STREAM::enable

 

}

 

}

Here are a few suggestions:

 
 when HTTP_REQUEST { 
  
     Only rewrite responses if request is a GET 
    if {[HTTP::method] eq "GET"}{ 
  
       set rewrite_response 1 
  
        Prevent server from compressing response content if we're potentially going to rewrite it 
          by removing the compression offerings from the client 
       HTTP::header remove "Accept-Encoding" 
  
    } else { 
       set rewrite_response 0 
    } 
 } 
  
 when HTTP_RESPONSE { 
  
     Check if the request was a GET and the response is a text content type 
    if {$rewrite_response && [HTTP::header "Content-Type"] starts_with "text/"}{ 
  
        Configure the find/replace for the stream filter and enable it 
       STREAM::expression @http://@https://@ 
       STREAM::enable 
  
    } else { 
        Disable the stream filter for this response 
       STREAM::disable 
    } 
 } 
 

This assumes that the server doesn't include http:// references in the redirects. If it does, you could rewrite them following the logic in this post (Click here).

Aaron

That is exactly what I needed. Thanks for the assistance!