Forum Discussion

Guy_Goodenough_
Apr 17, 2019

Stream/iRule to deal with mixed content (http/https)

We have a web server behind a 443 VIP on the F5, with the connection between the F5 and the server unencrypted. As a result, the web server is including references to javascripts beginning with http:// in the pages it passes to the client. We have the default http > https redirect set up on the VS, but this does not translate the http script references, just the URI of the page itself. This causes Chrome, IE, etc. to give warnings about insecure content.

I am trying to get around this by setting a stream profile together with an iRule that I found elsewhere on DevCentral. The iRule is as follows:

 

when HTTP_REQUEST {

    # Save the requested host value
    set host [string tolower [HTTP::host]]

    # If the HTTP host header is blank, use the VS IP address
    # If the VS IP is not routable for clients, hard code a routable IP
    # to replace [IP::local_addr]
    if {$host eq ""}{set host [IP::local_addr]}

    # Disable the stream filter by default
    STREAM::disable
}
when HTTP_RESPONSE {

    # Check if response type is text and host isn't null
    if {[HTTP::header value Content-Type] contains "text" and $host ne ""}{

        # Replace http://$host with https://$host
        STREAM::expression "@http://$host@https://$host@"

        # Enable the stream filter for this response only
        STREAM::enable
    }

    # Rewrite the Location header in redirects to https://
    if { [HTTP::is_redirect] && [string tolower [HTTP::header Location]] starts_with "http://$host"} {
        HTTP::header replace Location [string map -nocase "http://$host https://$host" [HTTP::header Location]]
    }
}

 

When I try to apply this iRule to the web server iApp, it returns the message: "STREAM::disable in rule requires an associated STREAM profile on the virtual-server". I have set the stream profile on the virtual server to the default common stream profile, which I believe is supposed to be sufficient, but I still get the same message.

Anyone have any idea what I need to do to get this to work? We are running BIG-IP 14.1.0.2.0.0.4
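An added example, not part of the original post: a Python check that models the iRule's host-specific rewrite (http://$host to https://$host) as a plain string replacement and lists the http:// subresource references that would still trigger mixed-content warnings afterwards. The sample page, host names and function names are constructed for illustration, and the replacement is a simplified model of the stream filter, not F5 code.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs that make the browser fetch a subresource.
# Simplification: every <link href> is counted, not only stylesheets.
SUBRESOURCE_ATTRS = {("script", "src"), ("link", "href"),
                     ("img", "src"), ("iframe", "src")}


class MixedContentFinder(HTMLParser):
    """Collects subresource URLs that still use plain http://."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in SUBRESOURCE_ATTRS and value \
                    and value.lower().startswith("http://"):
                self.found.append((tag, value))


def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.found


def stream_rewrite(body, host):
    """Simplified model of the expression @http://$host@https://$host@."""
    return body.replace(f"http://{host}", f"https://{host}")


def remaining_after_rewrite(html, host):
    """Subresources still on http:// once the host-specific rewrite ran."""
    return find_mixed_content(stream_rewrite(html, host))


# Constructed sample response body: two same-host references, one other host.
SAMPLE_HOST = "www.example.com"
SAMPLE_PAGE = """<html><head>
<script src="http://www.example.com/js/app.js"></script>
<link rel="stylesheet" href="http://cdn.example.net/site.css">
</head><body>
<img src="http://www.example.com/logo.png">
<a href="http://www.example.com/about">About</a>
</body></html>"""

if __name__ == "__main__":
    for tag, url in remaining_after_rewrite(SAMPLE_PAGE, SAMPLE_HOST):
        print(f"still insecure: <{tag}> {url}")
```

Because the expression only matches the requested host, references to any other host over http:// pass through unchanged and need their own rewrite or a fix at the source.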