making a http site https

[Deleted User][Deleted User]
in aFleX
Posted by jmaddox

is there a "fill in the blank" aflex that can be used to rewrite hardcoded hrefs in ssl offloaded applications?

Comments

  • [Deleted User][Deleted User]
    edited February 2014
    Posted by ddesmidt

    I let you read the example "Transparently convert an HTTP web application to HTTPS" under "Flexibility" on the aFleX example page:http://www.a10networks.com/vadc/index.php/aflex-examples/


    Now to reply to your question, here is the same aFleX with a variable defined at the beginning:

    Code:

    when RULE_INIT { ################################## # Enter your domain set ::domain www.example.com ################################## } when HTTP_REQUEST { # Force servers to not reply with compression (compression can be enabled on the AX) HTTP::header remove Accept-Encoding } when HTTP_RESPONSE { # Test if the servers are sending a redirect and if so rewrite the redirect with https if { [HTTP::header exists "Location"]} { if {([HTTP::header "Location"] starts_with "http://$::domain")} { regsub "http://$::domain" [HTTP::header Location] "https://$::domain" new_location HTTP::header replace Location $new_location } } # Collect http response if the response time is text based to rewrite absolute links if { [HTTP::header "Content-Type"] starts_with "text" } { HTTP::collect } } when HTTP_RESPONSE_DATA { # Rewrite absolute links from http://$::domain/* to https://$::domain/* set payload_length [HTTP::payload length] regsub -all "http://$::domain" [HTTP::payload] "https://$::domain" new_payload HTTP::payload replace 0 $payload_length $new_payload HTTP::release }
  • shannontutenshannontuten Member
    edited February 2014
    Is there a way to generize this such that instead of giving it the hostname that it take the hostname from the request and flip any URLs referencing that host to https?
  • mischamischa Member
    edited February 2014
    That is indeed possible. It would be something like:

    when HTTP_REQUEST { # Force servers to not reply with compression (compression can be enabled on the AX) HTTP::header remove Accept-Encoding set domain [HTTP::host] } when HTTP_RESPONSE { # Test if the servers are sending a redirect and if so rewrite the redirect with https if { [HTTP::header exists "Location"]} { if {([HTTP::header "Location"] starts_with "http://$domain")} { regsub "http://$domain" [HTTP::header Location] "https://$domain" new_location HTTP::header replace Location $new_location } } # Collect http response if the response time is text based to rewrite absolute links if { [HTTP::header "Content-Type"] starts_with "text" } { HTTP::collect } } when HTTP_RESPONSE_DATA { # Rewrite absolute links from http://$domain/* to https://$domain/* set payload_length [HTTP::payload length] regsub -all "http://$domain" [HTTP::payload] "https://$domain" new_payload HTTP::payload replace 0 $payload_length $new_payload HTTP::release }
  • shannontutenshannontuten Member
    edited February 2014
    Works great. Thanks for your assistance.
  • mischamischa Member
    edited February 2014
    Good to hear! Thanx for letting me know.
  • shannontutenshannontuten Member
    edited February 2014
    Would it be possible to have more than a single token for search and replace? So this is replacing http://domain with https://domain. I'd like to also search the payload for another string to search and replace. Would I, can I, simply insert another regsub or can the regsub take two substrings to search and replace?

    Hopefully that makes sense. Thanks a ton for your help.
  • mischamischa Member
    edited February 2014
    Yes, you can. You would need to do something like:

    when HTTP_RESPONSE_DATA { set payload_length [HTTP::payload length] regsub -all "http://$domain" [HTTP::payload] "https://$domain" new_payload1 regsub -all "RANDOMSTRING" new_payload1 "REPLACESTRING" new_payload2 HTTP::payload replace 0 $payload_length $new_payload2 HTTP::release }
  • shannontutenshannontuten Member
    edited February 2014
    That seems to work just fine, only addition is to add a $ to new_payload1 in the second regsub or else it treats it as a literal. Thanks again for your help. The working code is as follows:

    when HTTP_RESPONSE_DATA {
    set payload_length [HTTP::payload length]
    regsub -all "http://$domain" [HTTP::payload] "https://$domain" new_payload1
    regsub -all "RANDOMSTRING" $new_payload1 "REPLACESTRING" new_payload2
    HTTP::payload replace 0 $payload_length $new_payload2
    HTTP::release
    }
  • andyo.kyiv.uaandyo.kyiv.ua Member
    edited June 2014
    Hello Gents,
    I'd ask U to look carefully at piece of code and answer my final Q:
    set payload_length [HTTP::payload length]
    #just now we took original payload length
    regsub -all "http://$::domain" [HTTP::payload] "https://$::domain" new_payload
    #just now we changed payload by increasing it on N, where N is number of "http://$::domain" entries in original payload
    HTTP::payload replace 0 $payload_length $new_payload
    #and just now we tried to replace exactly $payload_length leading bytes of original payload with $new_payload, but because $new_payload's length is bigger than $payload_length last operation totally replace payload with $new_payload, is it correct?
Sign In or Register to comment.

© Copyright 2024 - A10 Networks Community - All Rights Reserved. | Legal