Forum Discussion
Help with Migrating Netscaler Rewrite Policy to F5 LTM
- Oct 02, 2024
For expediency, this seems like a good task for gen AI.
Me:
As an expert and helpful Netscaler administrator, you've been tasked with figuring out how the old administrator configured an app. This rewrite rule is in place:
```
rewrite policy Delete_Body-policy "http.RES.FULL_HEADER.CONTAINS(\"HTTP/1.1 404\")" Delete_Body_action
add rewrite action Delete_Body_action delete "http.res.body(40000)"
```The application security team needs to understand what this rewrite rule is doing. Please analyze the rewrite rule and explain what the HTTP response would look like on the wire before and after the rule has executed.
------------------
GPT-4o:
Sure, I'd be happy to help analyze this rewrite rule and explain its impact on the HTTP response.
### What the Rewrite Rule Does
The rewrite rule consists of a policy and an action, which are designed to interact with HTTP responses in specific ways.
1. **Policy:**
- **Policy Name:** `Delete_Body-policy`
- **Condition:** `http.RES.FULL_HEADER.CONTAINS("HTTP/1.1 404")`
This condition checks if the HTTP response header contains the string "HTTP/1.1 404". This string indicates a 404 Not Found response from the server.2. **Action:**
- **Action Name:** `Delete_Body_action`
- **Type of Action:** `delete`
- **Target:** `"http.res.body(40000)"`The action is to delete up to 40,000 bytes of the response body. This essentially removes the body of the HTTP response if the condition specified in the policy is met.
### HTTP Response Before the Rule Execution
Before this rewrite rule executes, an HTTP 404 response might look like this:
```
HTTP/1.1 404 Not Found
Date: Tue, 10 Oct 2023 14:00:00 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Type: text/html; charset=UTF-8
Content-Length: 345<!doctype html>
<html>
<head>
<title>404 Not Found</title>
</head>
<body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body>
</html>
```### HTTP Response After the Rule Execution
After the rewrite rule executes, the body of the HTTP 404 response will be deleted. The response might look like this:
```
HTTP/1.1 404 Not Found
Date: Tue, 10 Oct 2023 14:00:00 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Type: text/html; charset=UTF-8
Content-Length: 0```
### Explanation
- The `rewrite policy Delete_Body-policy` checks if the HTTP response is a 404 Not Found response.
- If the condition is true, the `rewrite action Delete_Body_action` is triggered, which deletes up to 40,000 bytes of the response body.
- As a result, the response body is removed, and the `Content-Length` header is updated to 0, indicating that there is no body content.### Impact
This rewrite rule can be useful for enhancing security or reducing bandwidth by ensuring that no information is leaked in the body of 404 responses. It ensures that when a resource is not found, only the status and headers are sent back to the client, without any additional details that might be included in the response body.
I hope this helps clarify what the rewrite rule is doing! If you have any more questions or need further assistance, feel free to ask.
---------------------
So, how can we do this on BIG-IP?
BIG-IP has a streaming-oriented architecture, and we don't as easily have access to the HTTP body because it doesn't buffer, as it seems like Netscaler might. It's usually more performant to avoid dealing with the body altogether.
Here's a code sample that covers this "404 masking" use case:
File Not Found Handler | DevCentral
The difference between the Netscaler and the BIG-IP is that the BIG-IP will completely hide the server response and replace it with its own. The Netscaler would keep the original server response headers. There may be some reason to preserve the headers in your application, but that's probably unlikely.
If you need to preserve all the original headers and ONLY delete the body, this can also be accomplished, but the performance will be worse and the iRule will be more complicated.
For expediency, this seems like a good task for gen AI.
Me:
As an expert and helpful Netscaler administrator, you've been tasked with figuring out how the old administrator configured an app. This rewrite rule is in place:
```
rewrite policy Delete_Body-policy "http.RES.FULL_HEADER.CONTAINS(\"HTTP/1.1 404\")" Delete_Body_action
add rewrite action Delete_Body_action delete "http.res.body(40000)"
```
The application security team needs to understand what this rewrite rule is doing. Please analyze the rewrite rule and explain what the HTTP response would look like on the wire before and after the rule has executed.
------------------
GPT-4o:
Sure, I'd be happy to help analyze this rewrite rule and explain its impact on the HTTP response.
### What the Rewrite Rule Does
The rewrite rule consists of a policy and an action, which are designed to interact with HTTP responses in specific ways.
1. **Policy:**
- **Policy Name:** `Delete_Body-policy`
- **Condition:** `http.RES.FULL_HEADER.CONTAINS("HTTP/1.1 404")`
This condition checks if the HTTP response header contains the string "HTTP/1.1 404". This string indicates a 404 Not Found response from the server.
2. **Action:**
- **Action Name:** `Delete_Body_action`
- **Type of Action:** `delete`
- **Target:** `"http.res.body(40000)"`
The action is to delete up to 40,000 bytes of the response body. This essentially removes the body of the HTTP response if the condition specified in the policy is met.
### HTTP Response Before the Rule Execution
Before this rewrite rule executes, an HTTP 404 response might look like this:
```
HTTP/1.1 404 Not Found
Date: Tue, 10 Oct 2023 14:00:00 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Type: text/html; charset=UTF-8
Content-Length: 345
<!doctype html>
<html>
<head>
<title>404 Not Found</title>
</head>
<body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body>
</html>
```
### HTTP Response After the Rule Execution
After the rewrite rule executes, the body of the HTTP 404 response will be deleted. The response might look like this:
```
HTTP/1.1 404 Not Found
Date: Tue, 10 Oct 2023 14:00:00 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Type: text/html; charset=UTF-8
Content-Length: 0
```
### Explanation
- The `rewrite policy Delete_Body-policy` checks if the HTTP response is a 404 Not Found response.
- If the condition is true, the `rewrite action Delete_Body_action` is triggered, which deletes up to 40,000 bytes of the response body.
- As a result, the response body is removed, and the `Content-Length` header is updated to 0, indicating that there is no body content.
### Impact
This rewrite rule can be useful for enhancing security or reducing bandwidth by ensuring that no information is leaked in the body of 404 responses. It ensures that when a resource is not found, only the status and headers are sent back to the client, without any additional details that might be included in the response body.
I hope this helps clarify what the rewrite rule is doing! If you have any more questions or need further assistance, feel free to ask.
---------------------
So, how can we do this on BIG-IP?
BIG-IP has a streaming-oriented architecture, and we don't as easily have access to the HTTP body because it doesn't buffer, as it seems like Netscaler might. It's usually more performant to avoid dealing with the body altogether.
Here's a code sample that covers this "404 masking" use case:
File Not Found Handler | DevCentral
The difference between the Netscaler and the BIG-IP is that the BIG-IP will completely hide the server response and replace it with its own. The Netscaler would keep the original server response headers. There may be some reason to preserve the headers in your application, but that's probably unlikely.
If you need to preserve all the original headers and ONLY delete the body, this can also be accomplished, but the performance will be worse and the iRule will be more complicated.
thank,you, Lucas_Thompson very much for the answer.
following to my descussion with the customer, we needn't to have the same origin http header but the object is to have a vide web page.
Can i accomplish taht using the folowing irule ?
when RULE_INIT {
set error_404 { <meta http-equiv="content-type" content="text/html;charset=utf-8" /> }
}
when HTTP_RESPONSE {
if { [HTTP::status] == 404 && [HTTP::version] equals "1.1 "}
{
HTTP::respond 404 content [subst $::error_404] }
}
- Oct 06, 2024
Hi Hamza,
When a 404 response code is received, it is sufficient to return empty content.
when HTTP_RESPONSE { if { [HTTP::status] == 404 } { HTTP::respond 404 content "" } }
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com