For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

SudheerG's avatar
SudheerG
Icon for Nimbostratus rankNimbostratus
Apr 04, 2019

Re-write URI on server response

I need to modify the URI in the HTTP Response. My VIP is listening on 443 and Pool members are on 80. Client request has "/abc/app/index.html/xyz" as the URI and server response removes " index.html"...
application delivery
BIG-IP
iRules
Lee_Sutcliffe's avatar
Lee_Sutcliffe
Icon for Nacreous rankNacreous
Apr 07, 2019

You need to be careful using ‘’ in your URI

 

RFC at 3986 https://tools.ietf.org/html/rfc3986 (which defines how a URI is structured) it states that is a reserved character and is defined as a delimiter (much like : / ? etc).

 

The '' character is defined as a fragment (see Section 3) And defined further in section 3.1 - an except is provided below:

 

The fragment identifier component of a URI allows indirect identification of a secondary resource by reference to a primary resource and additional identifying information. The identified secondary resource may be some portion or subset of the primary resource, some view on representations of the primary resource, or some other resource defined or described by those representations. A fragment identifier component is indicated by the presence of a number sign ("") character and terminated by the end of the URI.

 

As F5 will follow the relevant RFCs when defining commands such as HTTP::uri, using a '' character in a URI will cause the command to only extract the left most portion of the URI BEFORE the '' as the intended use of '' is as a fragment delimiter.

 

I would advise that you do not use '' delimiters in your URI unless you are doing so as per RFC3986 guidelines