Options
making a http site https
![[Deleted User]](https://w2.vanillicon.com/v2/2bb29d357b97c8440eefe2439893b4f2.svg)
in aFleX
Posted by jmaddox
is there a "fill in the blank" aflex that can be used to rewrite hardcoded hrefs in ssl offloaded applications?
is there a "fill in the blank" aflex that can be used to rewrite hardcoded hrefs in ssl offloaded applications?
0
Comments
I let you read the example "Transparently convert an HTTP web application to HTTPS" under "Flexibility" on the aFleX example page:http://www.a10networks.com/vadc/index.php/aflex-examples/
Now to reply to your question, here is the same aFleX with a variable defined at the beginning:
Code:
when RULE_INIT { ################################## # Enter your domain set ::domain www.example.com ################################## } when HTTP_REQUEST { # Force servers to not reply with compression (compression can be enabled on the AX) HTTP::header remove Accept-Encoding } when HTTP_RESPONSE { # Test if the servers are sending a redirect and if so rewrite the redirect with https if { [HTTP::header exists "Location"]} { if {([HTTP::header "Location"] starts_with "http://$::domain")} { regsub "http://$::domain" [HTTP::header Location] "https://$::domain" new_location HTTP::header replace Location $new_location } } # Collect http response if the response time is text based to rewrite absolute links if { [HTTP::header "Content-Type"] starts_with "text" } { HTTP::collect } } when HTTP_RESPONSE_DATA { # Rewrite absolute links from http://$::domain/* to https://$::domain/* set payload_length [HTTP::payload length] regsub -all "http://$::domain" [HTTP::payload] "https://$::domain" new_payload HTTP::payload replace 0 $payload_length $new_payload HTTP::release }when HTTP_REQUEST { # Force servers to not reply with compression (compression can be enabled on the AX) HTTP::header remove Accept-Encoding set domain [HTTP::host] } when HTTP_RESPONSE { # Test if the servers are sending a redirect and if so rewrite the redirect with https if { [HTTP::header exists "Location"]} { if {([HTTP::header "Location"] starts_with "http://$domain")} { regsub "http://$domain" [HTTP::header Location] "https://$domain" new_location HTTP::header replace Location $new_location } } # Collect http response if the response time is text based to rewrite absolute links if { [HTTP::header "Content-Type"] starts_with "text" } { HTTP::collect } } when HTTP_RESPONSE_DATA { # Rewrite absolute links from http://$domain/* to https://$domain/* set payload_length [HTTP::payload length] regsub -all "http://$domain" [HTTP::payload] "https://$domain" new_payload HTTP::payload replace 0 $payload_length $new_payload HTTP::release }Hopefully that makes sense. Thanks a ton for your help.
when HTTP_RESPONSE_DATA { set payload_length [HTTP::payload length] regsub -all "http://$domain" [HTTP::payload] "https://$domain" new_payload1 regsub -all "RANDOMSTRING" new_payload1 "REPLACESTRING" new_payload2 HTTP::payload replace 0 $payload_length $new_payload2 HTTP::release }when HTTP_RESPONSE_DATA {
set payload_length [HTTP::payload length]
regsub -all "http://$domain" [HTTP::payload] "https://$domain" new_payload1
regsub -all "RANDOMSTRING" $new_payload1 "REPLACESTRING" new_payload2
HTTP::payload replace 0 $payload_length $new_payload2
HTTP::release
}
I'd ask U to look carefully at piece of code and answer my final Q:
set payload_length [HTTP::payload length]
#just now we took original payload length
regsub -all "http://$::domain" [HTTP::payload] "https://$::domain" new_payload
#just now we changed payload by increasing it on N, where N is number of "http://$::domain" entries in original payload
HTTP::payload replace 0 $payload_length $new_payload
#and just now we tried to replace exactly $payload_length leading bytes of original payload with $new_payload, but because $new_payload's length is bigger than $payload_length last operation totally replace payload with $new_payload, is it correct?