rewriting http response based on client ip

Question

Is this possible? 
&nbsp;  
&nbsp; I'd like to make a response rule that rewrites a http responses based off the originating client IP request. 
&nbsp;  
&nbsp; Something like: 
&nbsp;  
&nbsp; if client ip is not our firewall 
&nbsp;    rewrite "admin.domain" to "www.domain" links within the response 
&nbsp; else 
&nbsp;    don't rewrite 
&nbsp; end 
&nbsp;  
&nbsp; Some sample code would be greatly appreciated. 
&nbsp;  
&nbsp;

hoolio · Answer

Do you want to rewrite the response headers or the response content?  Or both?  To rewrite the headers, you can use 'HTTP::header replace Location "http://newlocation.example.com"'.  To rewrite the content, you can use a stream profile and iRule.  You can check the STREAM::expression wiki page for details (Click here)

when RULE_INIT { 
  
     Log debug messages to /var/log/ltm? 1=yes, 0=no. 
    set ::rewrite_debug 1 
  
 } 
 when CLIENT_ACCEPTED { 
  
     Check if client IP address is one to rewrite the content for 
    if {not ([IP::addr [IP::client_addr] equals 1.1.1.1]}{ 
  
        set a flag to rewrite the client  
       set rewrite_response 1 
  
       if {$::rewrite_debug}{log local0. "[IP::client_addr]:[TCP::client_port]:  Checking response for [HTTP::path]"} 
  
    } else { 
  
        Check response 
       set rewrite_response 0 
  
       if {$::rewrite_debug}{log local0. "[IP::client_addr]:[TCP::client_port]:  Not checking response for [HTTP::path]"} 
    } 
 } 
 when HTTP_RESPONSE { 
  
     Rewrite the Location header on redirects 
    if {[HTTP::is_redirect] and [HTTP::header value Location] contains "admin.domain"]}{ 
  
       HTTP::header replace Location [string map -nocase {admin.domain www.domain} [HTTP::header value Location]] 
    } 
  
     Check response content 
    if {$rewrite_response and [HTTP::header value "Content-Type"] contains "text"}{ 
  
        Set a stream expression to rewrite admin.domain to www.domain 
       STREAM::expression {@admin.domain@www.domain@} 
  
        Enable the stream filter 
       STREAM::enable 
  
       if {$::rewrite_debug}{log local0. "[IP::client_addr]:[TCP::client_port]: Enabled stream filter for this response"} 
  
    } else { 
  
        If this event is still enabled we shouldn't rewrite the response so disable the stream filter 
       STREAM::disable 
  
       if {$::rewrite_debug}{log local0. "[IP::client_addr]:[TCP::client_port]: Disabled stream filter for this response"} 
    } 
 } 
 when STREAM_MATCHED { 
  
     This event is enabled just for debug logging.  Remove or comment the event out when you're done testing 
    if {$::rewrite_debug}{log local0. "[IP::client_addr]:[TCP::client_port]: Matched: [STREAM::match]"} 
 }

Aaron

Forum Discussion

rewriting http response based on client ip

Recent Discussions

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

Related Content

Rewrite http:// to https:// in response content

Introduction of Incident Response

rewrite the location in 302 response

URL/URI rewrite without changing in Client browser

Rewriting Redirects

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS