The nature of URL redirection is, that you tell the browser that it needs to go somewhere else.
So if you tell the browser to go to https://otherserver/site, that is what it will show to the client. At HTTP protocol level there is no option to make the browser “pretend” to go somewhere while really going somewhere else.
People with malicious intend would very happy with such an option
You might be able to create a frame on the ADC and within the frame load content of the other site. The browser will keep showing the outside frame’s address in the URL bar.
Hi,
another option: You could use the new URL/server as a “local” server behind your VIP/virtual server.
So, you don’t redirect the client to the new url. The A10 gets the content from otherserver and presents it to the client as https://bla.company.com.
Problem hereb is the point if you need a special path on the new server. Then I think you need to create an aflex script to get the content from the new url and present it to the client via the old url.
Another point: Is the company (security) policy allowing that you present content from anotoher URL under your URL ;o)
What mbarry is asking (we’re working on a number of projects together here), is whether it is possible to do more as DaniTom has said. e.g.
client browses to https://www.domain.com but the A10 actually presents the web page from https://webserver.domain.com/somewebsite whilst keeping the original URL in the address bar.
I see the security concerns if this was pointing to a rogue website, but I think this is more in line with hiding the actual web server hostname, plus adding a path to the request. We used to do something similar in Microsoft TMG.
Of course it is possible to use aFlex to rewrite the request URI and content when you keep the ADC in between the client and the webserver. (on top of my head, not checked code)
when HTTP_REQUEST {
set URI [string tolower [HTTP::uri]]
set HOST [string tolower [HTTP::host]]
set NEWHOST "webserver.domain.com"
set NEWURI "/somewebsite"
# I prefer setting variables, but that is less efficient, depending on if you want to use things like regsub/switch etc. in this case you could also use HTTP::uri or HTTP::host directly in the IF statement.
if {{$HOST equals "www.domain.com"} {
HTTP::host $NEWHOST
HTTP::uri $NEWURI . $URI
}
also you need to check the content, make sure the new server uses relative links… or use code to rewrite all content coming from the server something like: You should probbably add some code to make sure you only look for content to rewrite for “locations” that actually need rewrites on the way from the server to the client, I kept that part out of this code snipet.
when HTTP_RESPONSE {
# Collect http response if the response time is text based to rewrite absolute links
if { [HTTP::header "Content-Type"] starts_with “text” } {
HTTP::collect
}
}
when HTTP_RESPONSE_DATA {
set payload_length [HTTP::payload length]
HTTP::payload replace 0 $payload_length [string map {“webserver.domain.com/somewebsite”
“www.domain.com”} [HTTP::payload]]
HTTP::release
}
Thanks very much. We thought it was possible, but just struggling to get anything to work. We’d tried various Aflex scripts, and HTTP filters with redirect/rewrite, but it still wasn’t quite right.
This looks to fit the right logic. I’m having some issues with syntax, but I’ll work on that.
Still struggling with this. The example code was relentlessly failing syntax checks with “extra tokens at end of expression” as the error. I stripped it right down to basics and it eventually passed the syntax checker. The logic still seems sound, but I’m still not getting sent to the extra path. I took the HTTP::host reference out as a trial, as I realised that the web server in the service group will actually work for this, so really it’s just the path to add on
when HTTP_REQUEST {
if {[HTTP::host] matches "services.domain.com"} {
# [HTTP::host] "webserver.internal.domain"
[HTTP::uri] "/services"
}
}
HTTP_REQUEST takes action on the information the client sends to the ADC, before the ADC sends it to the Server.
When the server receives a request, it will respond with “location” information etc.
So when the client receives that info it will adjust what is shown accordingly.
HTTP_RESPONSE and HTTP_RESPONSE_DATA will take care of the content coming back from the server to the client.
So you really need to get that part working as well.
What might go wrong is that the " are all different.
Only one type is supported.
And I see I had dubble { in some places.
Hello,
I am trying to do basically the same thing and am getting stuck.
I am trying to connect to https://site.dev.com which is pointing to the virtual server IP on the AX. We are using https and SNAT with an AFLEX. Given the aFlex and forwarded header data, I should get the content from www.site.com (as seen in the aFlex) but not have my browser URL change from https://site.dev.com
when RULE_INIT {
set ::DEBUG 0
}
when HTTP_REQUEST { set timestamp [TIME::clock seconds] set src_ip [IP::client_addr] set src_port [TCP::client_port] set dst_ip [IP::local_addr] set dst_port [TCP::local_port] set domain [HTTP::host] HTTP::header replace Host “www.site.com” HTTP::header insert X-Forwarded-Proto “http” HTTP::header insert X-Forwarded-Port 443 HTTP::header insert X-Forwarded-For $src_ip HTTP::header insert X-Forwarded-Host $domain
#Add a log for debugging if { $::DEBUG > 0} { set log_str “[$timestamp] $cip:$cport → $vip:$vport to $snat_ip:$snat_port → $sip:$sport” log local5.INFO $log_str } } ---------------------------------------------- The connection is being closed out by the server with the following detail and I am not sure what Invalid Verb is in terms of the communication between the AX SNAT IP and the IIS 6 server on the backend.
GHHTTP/1.1 400 B ad Reque st..Cont ent-Type : text/h tml..Dat e:Wed, 07 Jun 2 017 20:2 6:54 GMT ..Connec tion: cl ose..Con tent-Len gth: 35. …
B ad Reque st (Inva lid Verb)
I can point directly to the server and can get the content to load.
You can use a server-side redirect using PHP or server configuration such as Apache’s mod_rewrite.
Here is how..
Create a PHP file ..
"<?php
// Perform any necessary checks or processing here before the redirect
// Set the target URL
$targetUrl = 'https://otherserver/site’;
// Perform the redirect using a “Location” header
header('Location: ’ . $targetUrl);
exit;
?>"
Configure your web server to rewrite requests for https://bla.company.com to the redirect.php file then you can use mod_rewrite. Add the following rules to your .htaccess file.
"RewriteEngine On
RewriteCond %{HTTP_HOST} ^bla.company.com$ [NC]
RewriteRule ^$ /redirect.php [L]
"
This will rewrite requests for https://bla.company.com to the redirect.php file, which will then perform the redirect to https://otherserver/site without changing the URL displayed in the browser. You can verify your URL on any online tool such as https://redirectchecker.com/ to get its details redirection chain report and its status code.