Forum Discussion

Corinna_Lo_1746
Aug 18, 2005

https rewrite

Hi,

We are trying to put Sakai/OSP behind our BigIPs.

The site is running https.

URL: https://eportfoliodev.wsu.edu/portal

I configured the BigIP to do the SSL, and then forwarded the http request to the load balancing pool (servers running Tomcat).

Unfortunately, the replies coming back from our server are http (of course). But passing the BigIP, they are not changed back to https.

I tried "Redirect Rewrite" on the https profile (tried all options - Matching, All, Nodes, None). But it doesn't work. According to the manual, this rewriting takes place only in the HTTP Location header of the redirection response, and not in any content. I guess that explains it.

Is it something I can accomplish using iRule? Basically, to rewrite all http in the response to https. And can you give me some sample code? I tried this, and it doesn't work.

    when HTTP_RESPONSE {
        if { [HTTP::header location] starts_with "http://" } {
            HTTP::header replace location "https://eportfoliodev.wsu.edu"
        }
    }

Any help is very much appreciated.

Thanks and regards

- corinna

  • bl0ndie_127134
    Historic F5 Account
    Corinna, yes the http profile option modifies only the ‘Location’ header and not the content. We are adding some really cool enhancements on the next release (v9.2) that will make this type of replacement trivial, but until then you will have to write some iRules.

    Luckily someone else has already run into a similar problem so please check out the link shown below and look at the example shown at the very bottom. This rule is designed to ‘scrub’ the response of credit card numbers but it should be pretty trivial to change the substitution to make it work for you.

    Click here

    Good luck!

  • Thanks for your quick response. Meantime, while searching, I also found this great post:

    http://devcentral.f5.com/default.aspx?tabid=28&view=topic&forumid=5&postid=3410

    I followed that example, and set find "http://eportfoliodev.wsu.edu", and replace "https://eportfoliodev.wsu.edu"... but it doesn't work for me... I turned on logging, and tried to do some trouble-shooting - simply try to replace "Welcome" wording to "===============Test Rewrite===============". And I found some inconsistent behaviour.

    As you can see from this URL:

    https://eportfoliodev.wsu.edu/portal

    There should be 5 "Welcome" there on that page (4 of them in the content, and 1 in the page title). But only 2 of them are successfully being replaced.

    My code is as follows:

    when HTTP_RESPONSE {
        # collect response data
        if { [HTTP::header exists "Content-Length"] } {
            set content_length [HTTP::header "Content-Length"]
        } else {
            set content_length 4294967295
        }
        if { $content_length > 0 } {
            HTTP::collect $content_length
        }
    }

    when HTTP_RESPONSE_DATA {
        set find "Welcome"
        set replace "===============Test Rewrite==============="
        set offset 0
        set diff [expr [string length $replace] - [string length $find]]

        # Get indices of all instances of find string in the payload
        set indices [regexp -all -inline -indices $find [HTTP::payload]]

        if { $indices ne "" } {
            log user.notice "iRule: ePortfolioDev - Search Found $indices"
        } else {
            log user.notice "iRule: ePortfolioDev - Search Not Found"
        }

        foreach idx $indices {
            set start [expr [lindex $idx 0] + $offset]
            set end [expr [lindex $idx 1] + $offset]
            set len [expr {$end - $start + 1}]

            # replace the instance of find with the contents of replace
            HTTP::payload replace $start $len $replace

            # modify offset if the replace string is larger or smaller
            # than find.
            incr offset $diff
        }
    }

    My question is, if searching inside the HTTP::payload does not find all occurrences of a string... where else can I search for?

    Again, any help is very much appreciated.

    - corinna

  • bl0ndie_127134
    Historic F5 Account
    Hmm, I am a little baffled why it’s not working. I wonder if it’s because you are not setting up your request to HTTP/1.1. Try modifying the rule this way …

    when HTTP_REQUEST {
        HTTP::version 1.0
    }
    when HTTP_RESPONSE {
        HTTP::collect 4294967295
    }
    when HTTP_RESPONSE_DATA {
        set find " Welcome"
        set replace "===============Test Rewrite==============="
        set offset 0
        set diff [expr [string length $replace] - [string length $find]]
        # Get indices of all instances of find string in the payload
        set indices [regexp -all -inline -indices $find [HTTP::payload]]
        puts "Got Payload \n[HTTP::payload]"
        if { $indices ne "" } {
            puts "iRule: wsu - Search Found $indices"
        } else {
            puts "iRule: wsu - Search Not Found"
        }
        foreach idx $indices {
            set start [expr [lindex $idx 0] + $offset]
            set end [expr [lindex $idx 1] + $offset]
            set len [expr {$end - $start + 1}]
            # replace the instance of find with the contents of replace
            HTTP::payload replace $start $len $replace
            puts "\nNew Payload \n[HTTP::payload]"
            # modify offset if the replace string is larger or smaller
            # than find.
            incr offset $diff
        }
    }

    Alternatively, this shorter version of the rule might also do the trick for you.

    when HTTP_REQUEST {
        HTTP::version 1.0
    }
    when HTTP_RESPONSE {
        HTTP::collect 4294967295
    }
    when HTTP_RESPONSE_DATA {
        set find " Welcome"
        set replace "===============Test Rewrite==============="
        set payload [HTTP::payload]
        if {[regsub -all $find $payload $replace new_response] > 0} {
            HTTP::payload replace 0 [HTTP::payload len] $new_response
        }
    }
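
The rules in this thread hand the search string to regexp and regsub as a pattern, so with find set to "http://eportfoliodev.wsu.edu" each dot matches any character. The following is an added example, not part of any post in the thread: plain Tcl for tclsh 8.5+ (not an iRule), with hypothetical proc names and a constructed sample body, showing a literal-only rewrite and a check for http:// references left behind.

```tcl
# Added example: plain Tcl, runs offline in tclsh 8.5+; not an iRule.
# Proc names are hypothetical; the sample body is constructed.

# Escape every non-word character so regexp/regsub match $find literally.
proc literal_pattern {find} {
    return [regsub -all {\W} $find {\\&}]
}

# Replace each literal occurrence of $find; returns {count new_body}.
proc rewrite_literal {body find replace} {
    # "&" and "\" are special in a regsub substitution spec, so escape them.
    set spec [regsub -all {[&\\]} $replace {\\&}]
    set count [regsub -all -- [literal_pattern $find] $body $spec out]
    return [list $count $out]
}

# List src/href values that still point at http:// after the rewrite.
proc insecure_refs {body} {
    set refs {}
    set re {(?:src|href)\s*=\s*["'](http://[^"']+)}
    foreach {whole url} [regexp -all -inline -nocase -- $re $body] {
        lappend refs $url
    }
    return $refs
}

set find    "http://eportfoliodev.wsu.edu"
set replace "https://eportfoliodev.wsu.edu"
set body {<a href="http://eportfoliodev.wsu.edu/portal">Welcome</a>
<img src="http://eportfoliodev-wsu.edu/logo.gif">
<img src="http://eportfoliodev.wsu.edu/banner.gif">
<a href="https://eportfoliodev.wsu.edu/help">Help</a>}

# Pattern used as-is: "." is a wildcard, so the look-alike host is rewritten too.
set loose_count [regsub -all -- $find $body $replace loose]

# Escaped pattern: only the exact origin is rewritten.
lassign [rewrite_literal $body $find $replace] strict_count strict

puts "unescaped pattern rewrote $loose_count URLs, escaped pattern rewrote $strict_count"
puts "still http after strict rewrite: [insecure_refs $strict]"
```

Any src value the last line reports is what a browser flags as a non-secure item on an https page, and any href value is a link whose next request goes out over plain http.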

  • You may wish to contact Daniel Spillers (djspillers@ualr.edu). We ended up actually making a modification to Sakai to fix the problem for good. I think it has gone back to the developers for the next release.

    Dale
  • Randy_127952
    Historic F5 Account
    We have seen successful https rewrites done using a stream profile, which works at the tcp level.

    Randy
  • Yes, I've contacted Daniel. He is very helpful, and shared with us on how he changed in the sakai code to return a https page after logon. But other than that, we found that all other links generated by sakai are still on http. That means two problems:

    1. If users are using IE, they receive warnings on every single page (click). "The page contains both secure and nonsecure items."

    2. Further response (especially the content part) sending out from sakai seems to be always in http (unencrypted).

    bl0ndie, I tried your suggestion... and THANK YOU!!! It is working beautifully now.

    THANK YOU SO MUCH!!!

    - corinna