Juniper DX (Redline Apprue) - AX aFleX conversion
![[Deleted User]](https://wf.vanillicon.com/v2/f2e355de37eb46e422bc110a667bdfbb.svg)
in aFleX
Posted by ddesmidt
HTTP and HTTPS web applications were front ended by Juniper DXs (acquisition of Redline Networks).
In addition to load balancing, the Juniper DX was removing SSL to talk to the servers via http. To transparently remove SSL for their application, the Juniper DX utilized Apprules to rewrite some elements in the https requests and responses.
Since the Juniper DX platform has been replaced by the A10 AX platform, below is the translation from Apprules to aFleX:
Apprule1 rewrites the request header "Referer" from "https:/*" to "http:/*" and the query string (uri):
Code:
aFleX translation:
Code:
Apprule2 replaces the response header “Referer" from "http:/*" to "https:/*" and response header “Set-Cookie” from "http:" to "https:":
Code:
aFleX translation:
Code:
Apprule3 replaces the response data (for elements like absolute links) from "http:/www.yoursite.com/*" to "https:/www.yoursite.com/*","http:/www.yoursite.com:80/*" to "https:/www.yoursite.com/*", "http:/mysites.yoursite.com/*" to "https:/mysites.yoursite.com/*" and "http:/mysites.yoursite.com:80/*" to "https:/mysites.yoursite.com/*":
Code:
aFleX translation:
Code:
HTTP and HTTPS web applications were front ended by Juniper DXs (acquisition of Redline Networks).
In addition to load balancing, the Juniper DX was removing SSL to talk to the servers via http. To transparently remove SSL for their application, the Juniper DX utilized Apprules to rewrite some elements in the https requests and responses.
Since the Juniper DX platform has been replaced by the A10 AX platform, below is the translation from Apprules to aFleX:
Apprule1 rewrites the request header "Referer" from "https:/*" to "http:/*" and the query string (uri):
Code:
RTH: request_header "Referer" starts_with "https://" then replace request_header "Referer" term "http://" and continue
RTH: query_string contains "https:" then replace query_string term "http:" and continue aFleX translation:
Code:
when HTTP_REQUEST {
HTTP::header replace Referer [string map {"http://" "https://"} [HTTP::header Referer]]
HTTP::uri [string map {"http://" "https://"} [HTTP::uri]]
}
Apprule2 replaces the response header “Referer" from "http:/*" to "https:/*" and response header “Set-Cookie” from "http:" to "https:":
Code:
PTH: reply_header "Referer" starts_with "http://" then replace reply_header "Referer" term "https://" and continue
PTH: reply_header "Set-Cookie" contains "http:" then replace reply_header "Set-Cookie" term "https:" and continue aFleX translation:
Code:
when HTTP_RESPONSE {
HTTP::header replace Referer [string map {"http://" "https://"} [HTTP::header Referer]]
HTTP::header replace "Set-Cookie" [string map {"http://" "https://"} [HTTP::header "Set-Cookie"]]
}
Apprule3 replaces the response data (for elements like absolute links) from "http:/www.yoursite.com/*" to "https:/www.yoursite.com/*","http:/www.yoursite.com:80/*" to "https:/www.yoursite.com/*", "http:/mysites.yoursite.com/*" to "https:/mysites.yoursite.com/*" and "http:/mysites.yoursite.com:80/*" to "https:/mysites.yoursite.com/*":
Code:
PTC: content contains "http://www.yoursite.com" then replace content term "https://www.yoursite.com"
PTC: content contains "https://www.yoursite.com:80" then replace content term "https://www.yoursite.com"
PTC: content contains "http://mysites.yoursite.com" then replace content term "https://mysites.yoursite.com"
PTC: content contains "https://mysites.yoursite.com:80" then replace content term https://mysites.yoursite.com”
aFleX translation:
Code:
when HTTP_RESPONSE {
set http_status [HTTP::status]
set http_content_type [HTTP::header "Content-Type"]
# collect response data only for responses that contain an object (response code 200)
# and objects type text (type text/*) such as html, css, and javascript
if { $http_status equals "200"} {
if { $http_content_type contains "text"} {
set len [HTTP::header Content-Length]
HTTP::collect $len
} else {
HTTP::collect
}
}
}
when HTTP_RESPONSE_DATA {
# when response data is collected, rewrite the different elements with "https"
set clen [HTTP::payload length]
regsub -all "http://www.yoursite.com:80" [HTTP::payload] "https://www.yoursite.com" newdata
regsub -all "http://www.yoursite.com" $newdata "https://www.yoursite.com" newdata1
regsub -all "http://mysites.yoursite.com:80" $newdata1 "https://mysites.yoursite.com" newdata2
regsub -all "http://mysites.yoursite.com" $newdata2 "https://mysites.yoursite.com" newdata3
HTTP::payload replace 0 $clen $newdata3
HTTP::release
}
0