flefranc_29890
Sep 12, 2008

rewrite the uri seen by the user

Hello,

One example:

the server returns http://hostname.domainname/urireallylong

I want the users to see only a simple URI like:

http://hostname.domainname/urishort

How can I do this? With a redirect command I change the URI sent to the server, not what the user sees. Help will be appreciated.

Sincerely

flefranc
  • hoolio
    Do you want to rewrite the URL in the Location header of a redirect or in the page content? If the former, you can check for 30x redirect responses, and rewrite the Location header using 'HTTP::header replace Location "http://newurl.example.com/newuri"'. If you want to rewrite the response data, you can use a stream profile and STREAM::expression to perform the rewrite. If you clarify where you want to do the rewriting, we can provide more detailed examples.

    Also, if you issue a redirect, the client is redirected to a new location and the browser's address bar would be updated. If you rewrite the requested URI using HTTP::uri, the change would only be made to the request sent from LTM to the server.

    Aaron
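
An added example, not part of the thread and not written by either poster: one iRule combining the three mechanisms named in the reply above (HTTP::uri on the request, a Location rewrite on 30x responses, and a stream-profile rewrite of response content). The two paths are the ones from the question; it assumes a stream profile is attached to the virtual server.

```tcl
# Added example, not from the thread. The two paths are the ones in the question.
when HTTP_REQUEST {
    # Short public path -> real server path. Only the LTM-to-server request
    # changes; the browser's address bar keeps showing /urishort.
    if { [HTTP::path] equals "/urishort" } {
        # Keep whatever follows the path (the query string, if any)
        set rest [string range [HTTP::uri] [string length "/urishort"] end]
        HTTP::uri "/urireallylong$rest"
    }
    # Stream matching needs uncompressed response bodies
    HTTP::header remove "Accept-Encoding"
    # Leave the stream filter off until a response qualifies
    STREAM::disable
}

when HTTP_RESPONSE {
    # 30x redirect: rewrite the real path in the Location header
    if { [HTTP::is_redirect] && [HTTP::header exists "Location"] } {
        HTTP::header replace Location \
            [string map {"/urireallylong" "/urishort"} [HTTP::header value "Location"]]
    }
    # Page content: rewrite links in text responses via the stream profile
    if { [HTTP::header value "Content-Type"] starts_with "text/" } {
        STREAM::expression {@/urireallylong@/urishort@}
        STREAM::enable
    }
}
```

Requests sent directly to /urireallylong still reach the server unless the rule also rejects them, so this mapping changes what is displayed, not what is reachable.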
  • Hello,

    Thank you for your kind help...

    I want to hide the URL from the users... Where they click / information they enter / server's response: I want them to see only the URL address: http://applicationname.com. Because of bad development of the web servers and privacy failure...

    Do you want to rewrite the URL in the Location header of a redirect or in the page content? If the former, you can check for 30x redirect responses, and rewrite the Location header using 'HTTP::header replace Location "http://newurl.example.com/newuri"'.

    Is it an iRule? I don't know what a 30x redirect response is...

    If you want to rewrite the response data, you can use a stream profile and STREAM::expression to perform the rewrite. If you clarify where you want to do the rewriting, we can provide more detailed examples.

    I don't have much information on stream in my documentation...

    Also, if you issue a redirect, the client is redirected to a new location and the browser's address bar would be updated. If you rewrite the requested URI using HTTP::uri, the change would only be made to the request sent from LTM to the server.

    OK: I see it creating an HTTP class. But I want it to be removed every time, and HTTP classes are not really flexible.
  • hoolio
    Can you provide more detail on the vulnerability in the application as well as what you want to do with an iRule to fix it?

    If there is sensitive data in the URI, it's not going to be easy to fix with an iRule. In theory, you could encrypt the paths and/or application set parameters in HTTP redirects and the HTTP payload, but it would be a complex rule to write.

    Aaron
  • Hello,

    I have tested the iRule:

    HTTP::header replace Location "http://newurl.example.com/newuri" but it is not working properly...

    Could you have a look at my attached document to see if it is clearer?

    Thanks

    Frédérique
  • hoolio
    Hi Frederique,

    It's not practical or effective to try to hide the URI from a user. Take a look at this post for details (Click here).

    Aaron
  • Hello,

    My developers are not so clever!!!

    I really need this functionality... and the Location doesn't work...

    Why not the stream, if you have any example...

    I have pressure from my hierarchy and the developers are untouchable in my business.

    Thank you for your help

    Sincerely

    Frédérique Lefranc
  • hoolio
    If you want to truly hide the real URI from the client you would need to parse every link to the virtual server in response headers and content, encrypt it and then replace the original link with the encrypted version. On subsequent requests, you'd need to decrypt the requested URI before sending the request to the web server. This isn't a trivial iRule. I wouldn't suggest trying it if it's your first attempt at writing an iRule. Short of encrypting the URI, you could hide the URL by not including an address bar in the window. This is very simple to bypass though using a browser plugin like LiveHttpHeaders, an interception proxy, or by capturing a tcpdump. So it wouldn't provide anything but a cosmetic fix for the problem.

    I'd suggest trying to fix the application or less ideally, hiring someone to write an encryption iRule for you.

    Aaron