Forum Discussion
iRule Redirect with URL Masking
Hello,
Can someone please tell me if it is possible to achieve the scenario I am trying to accomplish using iRule?
We are currently using a SaaS-based application which has a weird URL and it is not easy to remember (e.g. https://214124124.sdsddasd.com:10020). What I am looking to achieve is that when a user enters the URL https://mytestsite, it should be able to redirect to the SaaS-based application without changing the URL in the address bar. It should stay mytestsite.
- HamishCirrocumulus
The short answer is no... That's a big security hole if it was possible
H
- HamishCirrocumulus
Of course if you have control over the clients browser you could disable the security and return a page with an iframe that loads the remote site... but that's not a good idea.
- XaveriNimbostratus
Hi Hamish. Can you explain how is that a security hole?
- HamishCirrocumulus
The URL bar is the mechanism by which the user checks to make sure they're accessing the page they thought they were accessing. It should show you the actual pageURL, the certificate in use, whether that's the right cert (trusted) or not etc.
Mess with it at your peril.
Checkout these fun attacks
https://owasp.org/www-community/attacks/Cross_Frame_Scripting
https://owasp.org/www-community/attacks/Clickjacking
https://owasp.org/www-community/attacks/csrf
https://owasp.org/www-community/attacks/xss/
Anything you do to disable the security to allow you to do what you want... Is going to leave you (More) vulnerable to these and other attacks.
Here's why even commercial sites that make their money from redirecting don't support URL masking
https://www.easyredir.com/blog/why-you-should-not-use-url-masking-forwarding-cloaking/
Because it's just not safe...
- JosiahEmployee
Do you own https://mytestsite?
Then, yes, you can do it, but not via a "redirect", it's done via foward proxy. Essentially https://mytestsite is your vip and https://214124124.sdsddasd.com:10020 is your pool.
If you application requires hostheader to be 214124124.sdsddasd.com and not mytestsite to work, then you will need to also modify the host header on the wire. This function may not be needed, it depends on your app, it is a function popularly known as "ProxyPass". You can Google "ProxyPass irule" or alternatively do it with LTM Profiles, if such functionality is required.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com