URI Masking

Problem this snippet solves:

The code snippet was utilized to mask the URI so that the client is unaware of the actual URI that was processed by the server. This can provide security but the main use case was to mask the older application version from the outside world.

How to use this snippet:

Whenever a client makes a request to: https://devtest.domain.com/wdev/wweb.ll?wsession

it will be altered like this: https://devtest.domain.com/wdev/wweb.ll?FoldSession

before it is load balanced to the pool: POOL-DEV2

The response from the pool member will be checked and the URI will be replaced like this: /wdev/wweb.ll?FoldSession replaced with /wdev/wweb.ll?wsession

The replacement is done so the client doesn't know the actual URI that is being processed by the server. The same principle can be applied to replace the domain name/host header value.

Code :

set HOST [string tolower [HTTP::host]]
set URI [string tolower [HTTP::uri]] 

if { $HOST contains "devtest.domain.com" } {
#Disable SSL
SSL::disable serverside

if { $URI contains "/wdev/wweb.ll?wsession" } {
HTTP::uri [string map {/wdev/wweb.ll?wsession /wdev/wweb.ll?FoldSession} [HTTP::uri]] 
pool POOL-DEV2

if { [HTTP::header values Location] contains "/wdev/wweb.ll?FoldSession" } {
HTTP::header replace Location [string map {/wdev/wweb.ll?FoldSession /wdev/wweb.ll?wsession} [HTTP::header value Location]]

Tested this on version:

Published May 28, 2016
Version 1.0

Was this article helpful?

No CommentsBe the first to comment