Thanks Peter.
After a lot of experimentation I came to the conclusion that using Stream for request processing just doesn't work - which may explain there are zilch examples I could find.
Anyway I achieved what I wanted with the below:
when HTTP_REQUEST {
# Explicitly disable the stream profile for each client-side request so it doesn't stay
# enabled for subsequent HTTP requests on the same TCP connection.
STREAM::disable
# The line below prevents the server from compressing its responses.
HTTP::header remove "Accept-Encoding"
# Apply stream profile against text responses from the application
if { [HTTP::header value Content-Type] contains "text"} {
HTTP::collect [HTTP::header Content-Length]
set clen [HTTP::header Content-Length]
}
}
when HTTP_REQUEST_DATA {
regsub -all "https://mysite" [HTTP::payload] "http://mysite" newdata
HTTP::payload replace 0 $clen $newdata
HTTP::release
}
when HTTP_RESPONSE {
# Explicitly disable the stream profile for each server-side response so it doesn't stay
# enabled for subsequent HTTP responses on the same TCP connection.
STREAM::disable
if { !([HTTP::header exists "Strict-Transport-Security"])} {
HTTP::header insert "Strict-Transport-Security" "maxage=16070400; includeSubdomains"
}
# Apply stream profile against text responses from the application
if { [HTTP::header value Content-Type] contains "text"} {
# Look for the http:// and replace it with https://
STREAM::expression {@http:@https:@ @//mysite/@//mysite.example/@}
# Enable the stream profile for this response only
STREAM::enable
}
}