replace http:// to https:// problems

You can create a custom HTTP profile with rewrite redirects enabled and add it to your VS to have LTM rewrite the http:// reference to https. You can check the online help on the HTTP profile page for details on the options.

Or you could use an iRule, but this would be more complicated and less efficient:

http://devcentral.f5.com/wiki/default.aspx/iRules/RewriteHTTPRedirectHostname.html

Just change the hostnames in the example to http:// and https://:

 
  when HTTP_RESPONSE { 
  
     Check if server response is a redirect 
    if { [HTTP::header is_redirect]} { 
  
        Log original and updated values 
       log local0. "Original Location header value: [HTTP::header value Location],\ 
          updated: [string map -nocase "http:// https://" [HTTP::header value Location]]" 
  
        Do the update, replacing http:// with https:// 
       HTTP::header replace Location \ 
          [string map -nocase "http:// https://" [HTTP::header value Location]] 
    } 
 } 
 

Aaron

Dear Aaron,

 

Thank you very much, but I am sorry.

 

Cloud I ask a question again ?

 

 

If the Location: http://www.domain.com:80/nsp/login?acct=a when httpServer return.

 

How to modify your iRule that replace the Location string to https://www.domain.com:443/nsp/login?acct=a when at (2).

 

 

Cloud you help me?

 

Thank you first..^^"

Does the application actually include the :80 port number in the Location header value? If so, you'd need to use an iRule, I think:

 
   when HTTP_RESPONSE {  
    
      Check if server response is a redirect  
     if { [HTTP::header is_redirect]} {  
    
         Log original and updated values  
        log local0. "Original Location header value: [HTTP::header value Location],\  
           updated: [string map -nocase "http:// https:// :80/ /" [HTTP::header value Location]]"  
    
         Do the update, replacing http:// with https:// and  :80/ with / 
        HTTP::header replace Location \  
           [string map -nocase "http:// https:// :80/ /" [HTTP::header value Location]]  
     }  
  }  
 

If it doesn't include the port, you could use a custom HTTP profile with rewrite redirects enabled.

Aaron

Dear Aaron,

 

Thank you very much.

 

 

Yes,the suck application(Novell Access Manager 3.1) actually include the :80 port number in the Location header value,so must use iRule to solve it.

 

Could I ask a question again ?

 

 

Beacuse the suck appliction will return twice redirect (as under),

 

(1) http://sso.domain.com:80/nsp/login?acct=a

 

(2) http://identity2.domain.com:8080/aaa/login?id=b

 

 

If I want to replace the Location value from http:// to https:// when the value include http:// and :80 (example as (1) )

 

, but not replace the Location value from http:// to https:// when the value include http:// and :8080 (example as (2) ).

 

 

How to modify your iRule in the case ?

 

 

Could you help me ?

 

Thank you first..^^"

you could use [getfield [HTTP::header value Location] ":" 2] as a conditional and only perform the string map if it equals 80.

Dear citizen_elah

 

 

Thank you very much

As citizen_elah suggests, you could use getfield or check for :80/

 
 when HTTP_RESPONSE {   
    
     Check if server response is a redirect and contains a reference to port 80  
    if { [HTTP::header is_redirect] && [HTTP::header value Location] contains ":80/"} { 
    
        Log original and updated values   
       log local0. "Original Location header value: [HTTP::header value Location],\   
          updated: [string map -nocase "http:// https:// :80/ /" [HTTP::header value Location]]"   
    
        Do the update, replacing http:// with https:// and  :80/ with /  
       HTTP::header replace Location \   
          [string map -nocase "http:// https:// :80/ /" [HTTP::header value Location]]   
    }   
 } 
 

Aaron

You can check the online help on the HTTP profile page for details on the options.

 

If you need that link you can check it out here ! :)

 

https://devcentral.f5.com/articles/rewriting-redirects