Images get corrupted with stream profile

Question

Hi,
I am installing a F5 cluster with https termination.  Https to the client, http to the server, and a stream profile (with the well-known irule here-under) to rewrite the http links to https.  
The rewriting is done correctly from what I can see in the links on the website.  Meanwhile, as soon as I turn the stream profile on, my images are randomly getting corrupted and not displayed. When I remove the stream profile, website appears correctly (but some images and links are in http).
 Rule : Stream-Rewrite_HTTP_to_HTTPS_Homol_v01
 Description : 
 - Replace http:// with https:// in response content
 - Prevents server compression in responses
 - Solve potential issue with cookie persistance SOL7964

when HTTP_REQUEST {

SOL7964 detach the server side after each request
    if { [HTTP::cookie names] contains "BIGipServer" } {
       LB::detach
    }

Disable the stream filter for all requests
    STREAM::disable

Prevent the server from sending a compressed response by removing the compression offerings from the client
    HTTP::header remove "Accept-Encoding"
}
when HTTP_RESPONSE {

Check if response type is text
    if {[HTTP::header value Content-Type] contains "text"}{

Replace http:// with https://
        STREAM::expression {@http://@https://@}

Enable the stream filter for this response only
        STREAM::enable
    }
}

Anyone has had this issue before or has any idea to help here ?
I have tested without ssl profile (using ) and I have the same issue.
I have tested the same config on 11.5.1 and on 11.6.0.
I have also tested without asm profile and it makes no difference.
Thanks, and happy Christmas and new year to all.
David

nitass · Answer

have you ever used http analyzer tool such as httpfox? could it be helpful?&nbsp;
HttpFox&nbsp;
https://addons.mozilla.org/en-US/firefox/addon/httpfox/&nbsp;

john_alam_45640 · Answer

SOL7964 says you can do this with a ONE-CONNECT profile or with an iRule.&nbsp;
Have you tried the ONE-CONNECT?  and a STREAM profile, no iRUle.&nbsp;

oncle_dave · Answer

Hi nitass, Thanks for the tip.  I do know and use httpfox.  Great tool.  Meanwhile, it didn't help in this case as the image was send but corrupt.
Hi John, Thanks for the link.  I did try a stream profile without iRule, same issue.  From what I know, one-connect is something else.  Maybe I am wrong, but ...
In the meantime , I did some more detailed analyse of tcpdumps I have made and found out what the issue was.
The stream profile did some rewriting inside the images !!!  This is strange as it should only analyse text with the if condition ...  Does also not explain why the images were randomly not appearing ...
What I have done to solve the issue is make the text strings more precise in the stream.
STREAM::expression {@ @ @}
It is not optimal but it works.  I am just hoping there is not to much content coming from different external websites 😉
If anyone has a better solution, like making the stream not check images, please lett me know.
Thanks
Regards,

mohamed_lrhazi · Answer

As nitass says, you need to find out exactly what is happening to your images.. the actual binary is somehow corrupted? or the IMG src urls are incorrectly tempered with? how? maybe those images are just not available via https?

michael_jenkins · Answer

If you look at the requests going to the server in httpfox, what the status code that gets returned on the images you're having problems with? Is it a 404, 200, etc...? ,

Forum Discussion

Images get corrupted with stream profile

9 Replies

Recent Discussions

Client certificate Authentication - open multiple tabs

google autenticator broken barcode

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Port Group on F5OS network setting

Related Content

How to use F5 image generator tool to prep BIG-IP images for AWS and Azure

Server Profile SNI

Image installation status audited

Update your DevCentral user profile

DoS Profiles