Hello all!  Well, I am back from vacationing from Cozumel…  I am glad to be back in the US (and to have Internet access) and it just so happens that I ran across something fun that I wanted to share.

Often overlooked by those seeking BIG-IP answers to web related problems is a very powerful feature called “Stream Profiles”.  So what exactly is a stream profile?  Well I am glad you asked!

In short a stream profile is a profile that can be used to replace strings of your choosing in server side response data.  They are generally pretty lightweight as far as CPU ticks go and are pretty easy to write.  When I have used them in the past, I have kept most of mine simple, doing what I call string for string replacements such as replacing the word “old” with the word “new”.  However, the stream profile can leverage basic regex syntax to for your more creative solutions if you ever have need.

Now when do stream profiles come in handy?  Well I can give you a real world example.  I was troubleshooting an issue with the login page of a web application the other day and realized that the submit button for the application was hard coded to POST to an HTTP address but I was attempting to use the application over HTTPS.

Being no stranger to iRules and laughing to myself how easy this one would be to solve, I simple created a VIP to listen on HTTP and threw my trusty HTTP_TO_HTTPS iRule on it.  Then I went back and checked the application.

I typed in the URL, using HTTP this time to check the redirect was taking place now and of course was forwarded over to HTTPS via the iRule.  Success!  Or so I thought…. I plugged in the test username and password, hit SUBMIT and received the page that said I had submitted the wrong username and password.  Thinking I fat fingered it, I went back, plugged in my credentials again (this time doing the super slow typing trying while saying my password out loud, yes you know what I am talking about) and hit submit again.  And was thwarted again.

I pulled up my trusty HTTP Watch program and went through the series of events once again.  The redirect was working for HTTP over to HTTPS, but something seemed to be going wrong where the web application was using the POST method.  The POST data was still intact after the redirect (here is how to pull that off), but something else was messing with the code.  Hmmm….  Could it be related to http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html Section 10.3.3 which states “If the 302 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued.”

Well that certainly might cause a problem with the code we were testing!  Then drilling down a bit further into our test application we realized that the URL that the “Submit” button was performing the POST to was actually being pulled dynamically by the application from a database server entry.  Being unable to modify that database entry because of a variety of reasons we decided to leverage the BIG-IP’s Stream profile abilities.

So you see, it was a bit of a complex problem in our case, yet the solution was “BIG-IP Easy”.  I logged into the LTM, click Profiles, Other, Stream and then the Create button.

Give it a name, select “stream” as the parent profile, leave the source blank and then input your target information.  This is the part that allows you to substitute one outbound word for another.  For example we want to replace and old URL with a new URL.  The old URL is http://myold.url.com:80 and the new URL is https://mynew.url.com.

In the “Target” box you would type:

@http://myold.url.com:[email protected]://[email protected]

Then save the profile and apply it to the VIP that is in need of the fix.  That is it!  Now the data in the content stream going back to the client it will be re-written according to your selection.  You of course can use different delimiters than the @ sign if you like and you can even add another string for the profile to replace if you like.  All you have to do in that case is add a space after the last delimiter, add another delimiter and then the next string/replacement string combo.

If you are liking what you are hearing so far but want to use different delimiters, leverage regex and/or do all of this in an iRule rather than a profile, I highly suggest you check out a Tech Tip on DevCentral written by Deb Allen on September 11th, 2007.  Here is shortcut to that article.

 

Share

3 comments so far

Add Your Comment
  1. Nice article , i could visualise what ever you mentioned in the article… Digging in to the application ( http based) is damn interesting . Good Article mate… keep it up and expecting more of this sort

  2. Hey would the same solution work for allowing mixed content? We are SSL offloading on the F5 and the server responds with some unsecured data (iframes and images) and google chrome denies this traffic completely.
    If I do this;
    @http://myold.url.com:[email protected]://[email protected]
    would it Google Chrome stop throwing out that error?

    Sorry I’m not good with the application level stuff. Hope this makes sense. :|

    Thanks!

  3. I haven’t tried this for mixed content. If I get a chance though I will tinker with it and see! For your case, you might consider taking a look at this:

    https://devcentral.f5.com/articles/rewriting-redirects

    Hope you have a good one!