Forum Discussion
Gustavo_Lazarte
Nimbostratus
NimbostratusModifying Header Location
We are having problems passing a security audit because IIS 5 shows the name of the servers when it does a redirection on the location part of the header. The problems is when we hit a redirect (302 O...
hoolio
Cirrostratus
CirrostratusGood point. I think there is actually a typo and a logic error in the example rules in this post. The Location header is probably a fully qualified URL if the app follows RFC2616. It should be switch -glob and the server names should have wildcards server01 should be *server01*. But this wouldn't actually help in replacing the server name with the VIP name. You would need to replace the server name within the Location header value but preserve the rest of the URL including the path and query string.
Here is one way to do it using a regex (gasp, I know regexes are CPU intensive, but it saves manually configuring all of the server names and running string map with multiple find/replace strings.
when HTTP_RESPONSE {
log local0. "[IP::client_addr]:[TCP::client_port]: response status: [HTTP::status]"
Check if response is a redirect and the Location header contains serverXX where X is a digit
if { [HTTP::is_redirect] && [string match -nocase {*server[0-9][0-9]*} [HTTP::header Location]]} {
log local0. "[IP::client_addr]:[TCP::client_port]: Location: [HTTP::header Location]"
Replace serverXX with www.example.com in the Location header value
HTTP::header replace Location [regsub -nocase {server[0-9][0-9]} www.example.com [HTTP::header Location]]
Log the updated header value. Comment out/delete this debug line once testing is complete.
log local0. "[IP::client_addr]:[TCP::client_port]: found a serverXX value, rewriting to\
[regsub -nocase {server[0-9][0-9]} www.example.com [HTTP::header Location]"
}
}
Aaron
