
vbhagat_122571
Sep 06, 2013

iRule to replace http with https for specific URLs

All,

I am pretty new to F5s and am trying to get an iRule together to replace some of the URLs.

For example:

  1. Replace http://user.example.net/images with https://user.example.net/images

  2. Replace http://user.example.net/port with https://user.example.net/port

  3. But do not change the following URL: http://user.example.net/jwp

I tried the following iRule, but it did not seem to work.

when HTTP_REQUEST {
    # Disable the stream filter by default
    STREAM::disable
}
when HTTP_RESPONSE {
    if { [HTTP::header value Content-Type] contains "text" } {
        set find_url1 "http://user.example.net/images"
        set replace_url1 "https://user.example.net/images"
        set find_url2 "http://user.example.net/port"
        set replace_url2 "https://user.example.net/port"
        STREAM::expression "@$find_url1@$replace_url1@ @$find_url2@$replace_url2@"
        STREAM::enable
    } else {
        STREAM::disable
    }
}

Any inputs will be appreciated.

Thanks!

4 Replies

  • So just to be clear, when the response payload contains this string:

    http://user.example.net/images
    

    You want to replace it with:

    https://user.example.net/images
    

    And you have an HTTPS (port 443) VIP ready to receive this request? Or perhaps the opposite - you have a port 443 VIP that must change "http://" references in the response payload to "https://", except for "/jwp", which is accessible via a port 80 HTTP VIP?

  • I tried the following iRule, but it did not seem to work.

     

    You already remove the Accept-Encoding HTTP request header, don't you?

     

  • Try something like this:

    when HTTP_RESPONSE {
      # Stream filter stays off unless this response is a markup type
      STREAM::disable
      set strexp ""
      if { [HTTP::header Content-Type] matches_glob "text/*ml" } {
        # Empty replacements: the actual replacement is chosen in STREAM_MATCHED
        append strexp "@http://user.example.net/images@@"
        append strexp "@http://user.example.net/port@@"
      }
      if { $strexp ne "" } {
        STREAM::expression $strexp
        STREAM::enable
      }
      # Rewrite redirects that point at http:// as well
      if { [HTTP::header exists "Location"] } {
        if { [HTTP::header "Location"] starts_with "http://" } {
          HTTP::header replace "Location" [string map "http:// https://" [HTTP::header "Location"]]
        }
      }
    }
    when STREAM_MATCHED {
      # Replace each matched URL with its https:// form
      switch -glob [string tolower [STREAM::match]] {
        "http://user.example.net/images" { STREAM::replace "https://user.example.net/images" }
        "http://user.example.net/port" { STREAM::replace "https://user.example.net/port" }
      }
    }
    
  • I just tested your iRule on an 11.x box and it looks okay. Minor cosmetic modification:

    when HTTP_REQUEST {
        STREAM::disable
    } 
    when HTTP_RESPONSE {
        if { [HTTP::header Content-Type] contains "text" } {
            set find_url1 "http://user.example.net/images"
            set replace_url1 "https://user.example.net/images"
            set find_url2 "http://user.example.net/port"
            set replace_url2 "https://user.example.net/port"
            STREAM::expression "@$find_url1@$replace_url1@ @$find_url2@$replace_url2@"
            STREAM::enable
        } 
    }
    

    It changed all references to "http://user.example.net/images" and "http://user.example.net/port" to HTTPS URLs.

    And the "/jwp" URL is embedded in the same page and will also be accessible via the same VIP

    I don't believe this is true though. An http:// URL will not pass through a 443 VIP.
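
Added example, not part of the original thread or any poster's code: the original iRule combined with the Accept-Encoding removal that the second reply asks about, since the stream filter cannot match text inside a compressed response body. It assumes a stream profile is attached to the virtual server and reuses the thread's host name; the logging in STREAM_MATCHED is an addition for verification.

```tcl
when HTTP_REQUEST {
    # Keep the stream filter off on the request side.
    STREAM::disable
    # Ask the server for an uncompressed body. A gzip/deflate-encoded
    # payload contains no literal "http://..." text for the filter to match.
    HTTP::header remove "Accept-Encoding"
}
when HTTP_RESPONSE {
    # Default to off so binary responses pass through untouched.
    STREAM::disable
    if { [HTTP::header value Content-Type] contains "text" } {
        # Only /images and /port are listed, so
        # http://user.example.net/jwp is never matched and stays on http.
        # These are prefix matches: "/port" also rewrites "/portal".
        STREAM::expression {@http://user.example.net/images@https://user.example.net/images@ @http://user.example.net/port@https://user.example.net/port@}
        STREAM::enable
    }
}
when STREAM_MATCHED {
    # Log each match so the rewrite can be confirmed in /var/log/ltm.
    # No STREAM::replace here, so the replacement from the expression applies.
    log local0. "stream rewrite matched: [STREAM::match]"
}
```

Remove the STREAM_MATCHED logging once the rewrite is confirmed, since it writes one log line per match.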