For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

uni's avatar
uni
Icon for Altocumulus rankAltocumulus
Jul 12, 2006

Rewrite redirects to issuing host

I have an https virtual which forwards to an http server, hence I need to rewrite redirects when they point back to the issuing server.

"rewrite all" does not work because the server may issue a redirect to an external http site, and must not be rewritten to https.

"rewrite matching" is not suitable because sometimes the redirect uri does not match the request uri, i.e. a JSESSIONID may be appended to the original uri.

Consequently, I have to come up with an iRule which only rewrites the redirect when the redirection is back to the same host. Could someone have a look at my attempt below and tell me if I'm on the right track?


when HTTP_REQUEST {
  set host [HTTP::host];
  log LOCAL0.debug "URI=$host";
}
when HTTP_RESPONSE {
  if { [HTTP::status] starts_with "3" } {
      set location [HTTP::header "Location"];
      if { $location starts_with "http://" } {
          set temp [substr $location 8];
          HTTP::header replace "Location" "https://$temp";
      }
  }
}
application delivery
dev
devops
iRules

3 Replies

  • dennypayne's avatar
    dennypayne
    Icon for Employee rankEmployee
    Jul 12, 2006
    As you have it, it will perform just as "rewrite all" does, but once you work in some logic to check the [HTTP::host] in the response (either against a static entry or a list using matchclass) it should work fine.

     

     

    Denny
  • uni's avatar
    uni
    Icon for Altocumulus rankAltocumulus
    Jul 13, 2006
    Good point. I must have been distracted by the phone.

    What I should have posted is this:

    
when HTTP_REQUEST {
  set host [HTTP::host];
  log LOCAL0.debug "URI=$host";
}
when HTTP_RESPONSE {
  if { [HTTP::status] starts_with "3" } {
      set location [HTTP::header "Location"];
      if { $location starts_with "http://" } {
          set temp [substr $location 7];
          if { $host equals [substr $temp 0 "/"] }{
              HTTP::header replace "Location" "https://$temp";
          }
      }
  }
}

    Will [substr $temp 0 "/"] return the trailing "/"? If so, can anyone suggest an efficient way of dropping it?

    Sorry to ask such simple, testable, questions. Unfortunately I don't have a test environment and will only have a short testing window when I put this in production.

  • uni's avatar
    uni
    Icon for Altocumulus rankAltocumulus
    Jul 14, 2006
    To answer my own question, when the terminator in a substr call is a character, the string returned does not include the terminator. If the terminator is an integer, that many characters are returned.

     

     

    So [substr "abcdef" 0 "d"] returns "abc", and [substr "abcdef" 0 3] also returns "abc".