If you have a situation where dots are valid in directory names, or you want to limit file types, you could use an external data group in combination with a matchclass command and ends_with operator to make sure the file is a valid file type
class file_extensions {
".gif"
".jpg"
".htm"
".html"
".jsp"
".asp"
}
when HTTP_REQUEST {
set host [HTTP::host]
set uri [HTTP::uri]
set token [getfield [HTTP::uri] "/" 2]
if { $token eq "" } {
log local0. "no path specified so ignore"
} else {
if { [matchclass $uri ends_with $::file_extensions] > 0 } {
log local0. "Found file request, leave as is!"
} else {
log local0. "Not a file request, update host and check for trailing slash "
set host "$token.$host"
if { $uri ends_with "/" } {
log local0. "Uri ends with a slash, all's good"
} else {
log local0. "Uri doesn't end with a slash, appending one"
append uri "/"
}
}
}
update host
log local0. "host: $host"
log local0. "uri : $uri"
HTTP::header replace "Host" $host
HTTP::uri $uri
}
*Note, the class is an external string class created in the GUI and is not part of the actual rule code.
This could use some cleaning up a bit and testing...
-Joe