making a http site https

Posted by jmaddox

is there a “fill in the blank” aflex that can be used to rewrite hardcoded hrefs in ssl offloaded applications?

Posted by ddesmidt

I let you read the example “Transparently convert an HTTP web application to HTTPS” under “Flexibility” on the aFleX example page: http://www.a10networks.com/vadc/index.php/aflex-examples/

Now to reply to your question, here is the same aFleX with a variable defined at the beginning:

Code:

```tcl
when RULE_INIT {
    ##################################
    # Enter your domain
    set ::domain www.example.com
    ##################################
}

when HTTP_REQUEST {
    # Force servers to not reply with compression (compression can be enabled on the AX)
    HTTP::header remove Accept-Encoding
}

when HTTP_RESPONSE {
    # Test if the servers are sending a redirect and if so rewrite the redirect with https
    if { [HTTP::header exists "Location"] } {
        if {([HTTP::header "Location"] starts_with "http://$::domain")} {
            regsub "http://$::domain" [HTTP::header Location] "https://$::domain" new_location
            HTTP::header replace Location $new_location
        }
    }
    # Collect http response if the response type is text based to rewrite absolute links
    if { [HTTP::header "Content-Type"] starts_with "text" } {
        HTTP::collect
    }
}

when HTTP_RESPONSE_DATA {
    # Rewrite absolute links from http://$::domain/* to https://$::domain/*
    set payload_length [HTTP::payload length]
    regsub -all "http://$::domain" [HTTP::payload] "https://$::domain" new_payload
    HTTP::payload replace 0 $payload_length $new_payload
    HTTP::release
}
```

Is there a way to generalize this such that instead of giving it the hostname, it takes the hostname from the request and flips any URLs referencing that host to https?

That is indeed possible. It would be something like:

```tcl
when HTTP_REQUEST {
    # Force servers to not reply with compression (compression can be enabled on the AX)
    HTTP::header remove Accept-Encoding
    set domain [HTTP::host]
}

when HTTP_RESPONSE {
    # Test if the servers are sending a redirect and if so rewrite the redirect with https
    if { [HTTP::header exists "Location"] } {
        if {([HTTP::header "Location"] starts_with "http://$domain")} {
            regsub "http://$domain" [HTTP::header Location] "https://$domain" new_location
            HTTP::header replace Location $new_location
        }
    }
    # Collect http response if the response type is text based to rewrite absolute links
    if { [HTTP::header "Content-Type"] starts_with "text" } {
        HTTP::collect
    }
}

when HTTP_RESPONSE_DATA {
    # Rewrite absolute links from http://$domain/* to https://$domain/*
    set payload_length [HTTP::payload length]
    regsub -all "http://$domain" [HTTP::payload] "https://$domain" new_payload
    HTTP::payload replace 0 $payload_length $new_payload
    HTTP::release
}
```

Works great. Thanks for your assistance.

Good to hear! Thanx for letting me know.

Would it be possible to have more than a single token for search and replace? So this is replacing http://domain with https://domain. I’d like to also search the payload for another string to search and replace. Would I, can I, simply insert another regsub or can the regsub take two substrings to search and replace?

Hopefully that makes sense. Thanks a ton for your help.

Yes, you can. You would need to do something like:

```tcl
when HTTP_RESPONSE_DATA {
    set payload_length [HTTP::payload length]
    regsub -all "http://$domain" [HTTP::payload] "https://$domain" new_payload1
    regsub -all "RANDOMSTRING" new_payload1 "REPLACESTRING" new_payload2
    HTTP::payload replace 0 $payload_length $new_payload2
    HTTP::release
}
```

That seems to work just fine, only addition is to add a $ to new_payload1 in the second regsub or else it treats it as a literal. Thanks again for your help. The working code is as follows:

```tcl
when HTTP_RESPONSE_DATA {
    set payload_length [HTTP::payload length]
    regsub -all "http://$domain" [HTTP::payload] "https://$domain" new_payload1
    regsub -all "RANDOMSTRING" $new_payload1 "REPLACESTRING" new_payload2
    HTTP::payload replace 0 $payload_length $new_payload2
    HTTP::release
}
```

Hello Gents,
I’d ask U to look carefully at this piece of code and answer my final Q:

```tcl
set payload_length [HTTP::payload length]
# just now we took original payload length

regsub -all "http://$::domain" [HTTP::payload] "https://$::domain" new_payload
# just now we changed payload by increasing it by N, where N is number of "http://$::domain" entries in original payload
HTTP::payload replace 0 $payload_length $new_payload
# and just now we tried to replace exactly $payload_length leading bytes of original payload with $new_payload, but because $new_payload's length is bigger than $payload_length last operation totally replaces payload with $new_payload, is it correct?
```
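An added example, not code from the thread or from A10: plain Tcl for `tclsh` (not aFleX) that models the payload as a string to show how the offset/length replace behaves when the new payload is longer, and how `regsub` treats the domain as a regular expression where `string map` matches it literally. The `payload_replace` proc is a hypothetical stand-in for `HTTP::payload replace`, assuming the offset, length, replacement argument order used in the thread; the sample payload is constructed.

```tcl
# Plain Tcl, run with tclsh. All sample values are constructed for illustration.
set domain "www.example.com"
set payload {<a href="http://www.example.com/a">a</a> <img src="http://www.example.com/b.png"> <a href="http://wwwXexample.com/c">c</a>}

# Hypothetical model of "replace <length> bytes starting at <offset> with <new>".
# Assumption: this mirrors the argument order of HTTP::payload replace.
proc payload_replace {data offset length new} {
    set last [expr {$offset + $length - 1}]
    return [string replace $data $offset $last $new]
}

set payload_length [string length $payload]

# 1. regsub compiles "http://$domain" as a regular expression, so every "."
#    matches any character. The look-alike host wwwXexample.com also matches
#    and is rewritten to the real domain.
set n_regex [regsub -all "http://$domain" $payload "https://$domain" via_regex]

# 2. string map substitutes literally: only the exact host is rewritten.
#    This matters most when the domain comes from the request's Host header,
#    which is client-supplied, as in the generalized version of the rule.
set via_map [string map [list "http://$domain" "https://$domain"] $payload]

# 3. "http" -> "https" adds one byte per match, so the rewritten payload is
#    longer than the original by the number of matches.
set new_length [string length $via_regex]
puts "original length : $payload_length"
puts "rewritten length: $new_length (regsub matches: $n_regex)"

# 4. The length argument counts bytes of the ORIGINAL payload to remove.
#    Removing all of them (offset 0, length = original length) and inserting
#    the longer string leaves exactly the new payload, with nothing truncated.
set result [payload_replace $payload 0 $payload_length $via_regex]
puts "result equals rewritten payload: [expr {$result eq $via_regex}]"

# 5. Compare what each approach did to the look-alike link.
puts "regsub kept look-alike host    : [expr {[string first wwwXexample $via_regex] >= 0}]"
puts "string map kept look-alike host: [expr {[string first wwwXexample $via_map] >= 0}]"
```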