Forum Discussion

Tobias_Neumeyer's avatar
Tobias_Neumeyer
Icon for Nimbostratus rankNimbostratus
Jun 25, 2009

SharePoint http to https link replacing

Hi,

 

 

hope some of the expert can help with my issue.

 

We're trying to setup SharePoint 2007 in Host Header mode with SSL and BIG-IP LTM SSL offloading.

 

 

On some sites the links in sharepoint are still http instead https. Now I have found a iRule for SharePoint 2003 which should solve these problems.

 

 

when HTTP_REQUEST {

 

Based on the Social Security and credit card scrubber

 

Don't allow data to be chunked

 

if { [HTTP::version] eq "1.1" } {

 

if { [HTTP::header is_keepalive] } {

 

HTTP::header replace "Connection" "Keep-Alive"

 

}

 

HTTP::version "1.0"

 

}

 

}

 

 

when HTTP_RESPONSE {

 

Only check responses that are a text content type

 

(text/html, text/xml, text/plain, etc).

 

if { [HTTP::header "Content-Type"] starts_with "text/" } {

 

Get the content length so we can request the data to be

 

processed in the HTTP_RESPONSE_DATA event.

 

if { [HTTP::header exists "Content-Length"] } {

 

set content_length [HTTP::header "Content-Length"]

 

} else {

 

set content_length 4294967295

 

}

 

if { $content_length > 0 } {

 

HTTP::collect $content_length

 

}

 

}

 

}

 

 

when HTTP_RESPONSE_DATA {

 

if { [regsub -all "http://site1.sharepoint.domain.com" [HTTP::payload] "https://site1.sharepoint.domain.com" newdata] } {

 

HTTP::payload replace 0 [HTTP::payload length] $newdata

 

}

 

}

 

 

This iRule is working and it replace the http links with https in general.

 

But pages with matching http links looking a little bit strange.

 

Some text on the site have special funny characters suddenly with the iRule. The text looks like this....

 

 

"Using SQL Server Database Mirroring with Office SharePoint® Server and Windows® SharePointÂ"

 

 

Does anybody know what the problem could be and how can I resolve this?

 

 

The other problem is, that we need a global rule for all of our sites. At the moment the regsub method replacing a special http://fqdn only.

 

Waht I need is something like that

 

 

if { [regsub -all "http://*.sharepoint.domain.com" [HTTP::payload] "https://*.sharepoint.domain.com" newdata] }

 

 

I have tried it with diffrent expressions but I can't get to work.

 

 

Hope someone can help me?

 

 

Thank you in advance

 

 

Tobias
application delivery
dev
devops
iRules

3 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Jun 25, 2009
    Hi Tobias,

     

     

    Have you considered using alternate access mapping configuration in sharepoint to instruct sharepoint to use the external protocol and alias to avoid the need for an iRule? You can check this post for some related info and links:

     

     

    http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=3352955976

     

     

    Else, a stream profile and STREAM::expression based iRule (Click here) would be more efficient than collecting the full response payloads to rewrite them.

     

     

    If you do stick with HTTP::collect, you should make sure to change the logic to only collect ~1Mib of content (Click here) to avoid a TMM restart.

     

     

    Aaron
  • Tobias_Neumeyer's avatar
    Tobias_Neumeyer
    Icon for Nimbostratus rankNimbostratus
    Jun 25, 2009
    Hi Aaron,

     

     

    thanks a lot for your quick reply!

     

    The alternate access mapping should be ok and SharePoint is working. But (I think) we have a special environment because it's hosted sharepoint. We have a lot of site collections in host header mode and only these sites have this issue. I have found a whitepaper from MS and they confirmed this in hosted environments.

     

     

    I agree that a stream profile would be much better, but I can't get it to work.

     

     

    I tried it with the iRule below from the example as well.

     

     

    when HTTP_RESPONSE {

     

     

    Disable the stream filter by default

     

    STREAM::disable

     

     

    Check if response type is text

     

    if {[HTTP::header value Content-Type] contains "text"}{

     

     

    Match any http:// instance and replace it with nothing

     

    STREAM::expression {@http://@https://}

     

     

    Enable the stream filter for this response only

     

    STREAM::enable

     

    }

     

    }

     

    when STREAM_MATCHED {

     

    log local0. "[IP::client_addr]:[TCP::local_port]: matched: [STREAM::match], replaced with: [string map {http:// https://} [STREAM::match]]"

     

    STREAM::replace "[string map {http:// https://} [STREAM::match]]"

     

     

    The log output shows that it found content that match the expression but the links in the site still http://.

     

     

    Don't know why?

     

     

    Thanks

     

     

    Tobias
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Jun 25, 2009
    So you see the match in STREAM_MATCHED, but no replacements are done in the payload? Maybe some of the references to http:// in the payload are in mixed case? If so, you could use a stream expression of:

     

     

    STREAM::expression {@[hH][tT][tT][pP]://@https://}

     

     

    Or maybe there are also references to http:// in the headers? If that's the case, you'd need to rewrite the header using 'HTTP::header replace'. Here is an example in the Codeshare (http://devcentral.f5.com/Wiki/default.aspx/iRules/RewriteHTTPRedirectHostname.html Click here).

     

     

    If the issue actually is that the stream filter is matching, logging in STREAM_MATCHED, but not replacing the content I'd suggest opening a case with F5 Support.

     

     

    Aaron