Url Redirect without url change

mbarrymbarry Member
We are trying to write a script that redirects a user when they enter a url, but keeps the url the same.

We have the url - https://bla.company.com

When a user enters this url we want to redirect them to - https://otherserver/site

but we want to keep the url as https://bla.company.com

I can get this working so that it'll redirect, but the url changes.

Any ideas how i would accomplish this?


  • diederikdiederik Member
    edited May 2017
    The nature of URL redirection is, that you tell the browser that it needs to go somewhere else.

    So if you tell the browser to go to https://otherserver/site, that is what it will show to the client. At HTTP protocol level there is no option to make the browser "pretend" to go somewhere while really going somewhere else.

    People with malicious intend would very happy with such an option ;)

    You might be able to create a frame on the ADC and within the frame load content of the other site. The browser will keep showing the outside frame's address in the URL bar.
  • DaniTomDaniTom Member
    edited May 2017
    another option: You could use the new URL/server as a "local" server behind your VIP/virtual server.
    So, you don't redirect the client to the new url. The A10 gets the content from otherserver and presents it to the client as https://bla.company.com.

    Problem hereb is the point if you need a special path on the new server. Then I think you need to create an aflex script to get the content from the new url and present it to the client via the old url.
    Another point: Is the company (security) policy allowing that you present content from anotoher URL under your URL ;o)

  • andimorrisandimorris Member
    edited May 2017
    What mbarry is asking (we're working on a number of projects together here), is whether it is possible to do more as DaniTom has said. e.g.

    client browses to https://www.domain.com but the A10 actually presents the web page from https://webserver.domain.com/somewebsite whilst keeping the original URL in the address bar.

    I see the security concerns if this was pointing to a rogue website, but I think this is more in line with hiding the actual web server hostname, plus adding a path to the request. We used to do something similar in Microsoft TMG.
  • diederikdiederik Member
    edited May 2017
    Of course it is possible to use aFlex to rewrite the request URI and content when you keep the ADC in between the client and the webserver.

    (on top of my head, not checked code)
    when HTTP_REQUEST {
        set URI [string tolower [HTTP::uri]]
        set HOST [string tolower [HTTP::host]]
        set NEWHOST "webserver.domain.com"
        set NEWURI "/somewebsite"
    # I prefer setting variables, but that is less efficient, depending on if you want to use things like regsub/switch etc. in this case you could also use HTTP::uri or HTTP::host directly in the IF statement.
        if {{$HOST equals "www.domain.com"} {
            HTTP::host $NEWHOST
            HTTP::uri $NEWURI . $URI  

    also you need to check the content, make sure the new server uses relative links... or use code to rewrite all content coming from the server something like:

    You should probbably add some code to make sure you only look for content to rewrite for "locations" that actually need rewrites on the way from the server to the client, I kept that part out of this code snipet.
    when HTTP_RESPONSE {
    # Collect http response if the response time is text based to rewrite absolute links
         if { [HTTP::header "Content-Type"] starts_with “text” } {
    set payload_length [HTTP::payload length] 
    HTTP::payload replace 0 $payload_length [string map {“webserver.domain.com/somewebsite” 
    “www.domain.com”} [HTTP::payload]] 
  • andimorrisandimorris Member
    edited May 2017
    Thanks very much. We thought it was possible, but just struggling to get anything to work. We'd tried various Aflex scripts, and HTTP filters with redirect/rewrite, but it still wasn't quite right.

    This looks to fit the right logic. I'm having some issues with syntax, but I'll work on that.
  • andimorrisandimorris Member
    edited May 2017
    Still struggling with this. The example code was relentlessly failing syntax checks with "extra tokens at end of expression" as the error.

    I stripped it right down to basics and it eventually passed the syntax checker. The logic still seems sound, but I'm still not getting sent to the extra path.

    I took the HTTP::host reference out as a trial, as I realised that the web server in the service group will actually work for this, so really it's just the path to add on
    when HTTP_REQUEST {
        if {[HTTP::host] matches "services.domain.com"} {
    #        [HTTP::host] "webserver.internal.domain"
            [HTTP::uri] "/services"
  • andimorrisandimorris Member
    edited May 2017
    OK, quick update.

    The following works, however it is just redirecting the user to services.domain.com/services

    We require the user to see services.domain.com in the address bar, but really the page is coming from webserver.internal.domain/services

    when HTTP_REQUEST {
    if {[HTTP::host] matches "services.domain.com" and [HTTP::uri] matches "/"} {
    # [HTTP::host] "webserver.internal.domain"
    HTTP::uri /services
  • diederikdiederik Member
    edited May 2017
    HTTP_REQUEST takes action on the information the client sends to the ADC, before the ADC sends it to the Server.

    When the server receives a request, it will respond with "location" information etc.
    So when the client receives that info it will adjust what is shown accordingly.

    HTTP_RESPONSE and HTTP_RESPONSE_DATA will take care of the content coming back from the server to the client.
    So you really need to get that part working as well.

    What might go wrong is that the " are all different.
    Only one type is supported.
    And I see I had dubble { in some places.
  • andimorrisandimorris Member
    edited May 2017
    Thanks for the reply Diederik. I'll have to do some research here and get back.
  • edited June 2017
    I am trying to do basically the same thing and am getting stuck.
    I am trying to connect to https://site.dev.com which is pointing to the virtual server IP on the AX. We are using https and SNAT with an AFLEX. Given the aFlex and forwarded header data, I should get the content from www.site.com (as seen in the aFlex) but not have my browser URL change from https://site.dev.com
    when RULE_INIT {
    set ::DEBUG 0

    when HTTP_REQUEST {
    set timestamp [TIME::clock seconds]
    set src_ip [IP::client_addr]
    set src_port [TCP::client_port]
    set dst_ip [IP::local_addr]
    set dst_port [TCP::local_port]
    set domain [HTTP::host]
    HTTP::header replace Host "www.site.com"
    HTTP::header insert X-Forwarded-Proto "http"
    HTTP::header insert X-Forwarded-Port 443
    HTTP::header insert X-Forwarded-For $src_ip
    HTTP::header insert X-Forwarded-Host $domain

    #Add a log for debugging
    if { $::DEBUG > 0} {
    set log_str "\[$timestamp\] $cip:$cport -> $vip:$vport to $snat_ip:$snat_port -> $sip:$sport"
    log local5.INFO $log_str
    The connection is being closed out by the server with the following detail and I am not sure what Invalid Verb is in terms of the communication between the AX SNAT IP and the IIS 6 server on the backend.

    GHHTTP/1.1 400 B
    ad Reque st..Cont
    ent-Type : text/h
    tml..Dat e:Wed,
    07 Jun 2 017 20:2
    6:54 GMT ..Connec
    tion: cl ose..Con
    tent-Len gth: 35.
    ...<h1>B ad Reque
    st (Inva lid Verb)</h1>

    I can point directly to the server and can get the content to load.

    Help is much appreciated.

  • MoratoMorato Member

    Hello, for this case, did anybody can find the best solution for redirect page without change the URL showed in web browser?

Sign In or Register to comment.