Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

iRule Redirect with URL Masking

Xaveri
Nimbostratus
Nimbostratus

‎08-Dec-2021 14:34

Hello,

 

Can someone please tell me if it is possible to achieve the scenario I am trying to accomplish using iRule?

 

We are currently using a SaaS-based application which has a weird URL and it is not easy to remember (e.g. https://214124124.sdsddasd.com:10020). What I am looking to achieve is that when a user enters the URL https://mytestsite, it should be able to redirect to the SaaS-based application without changing the URL in the address bar. It should stay mytestsite.

Labels:
0 Kudos
5 REPLIES 5

Hamish
Cirrocumulus
Cirrocumulus

‎10-Dec-2021 09:57

The short answer is no... That's a big security hole if it was possible

 

H

0 Kudos

Hamish
Cirrocumulus
Cirrocumulus

‎10-Dec-2021 09:58

Of course if you have control over the clients browser you could disable the security and return a page with an iframe that loads the remote site... but that's not a good idea.

0 Kudos

Xaveri
Nimbostratus
Nimbostratus

‎10-Dec-2021 10:00

Hi Hamish. Can you explain how is that a security hole?

0 Kudos

Hamish
Cirrocumulus
Cirrocumulus

‎11-Dec-2021 01:09

The URL bar is the mechanism by which the user checks to make sure they're accessing the page they thought they were accessing. It should show you the actual pageURL, the certificate in use, whether that's the right cert (trusted) or not etc.

 

Mess with it at your peril.

 

Checkout these fun attacks

 

https://owasp.org/www-community/attacks/Cross_Frame_Scripting

https://owasp.org/www-community/attacks/Clickjacking

https://owasp.org/www-community/attacks/csrf

https://owasp.org/www-community/attacks/xss/

 

Anything you do to disable the security to allow you to do what you want... Is going to leave you (More) vulnerable to these and other attacks.

 

Here's why even commercial sites that make their money from redirecting don't support URL masking

 

https://www.easyredir.com/blog/why-you-should-not-use-url-masking-forwarding-cloaking/

 

Because it's just not safe...

 

0 Kudos

Josiah
F5 Employee
F5 Employee

‎12-Dec-2021 22:00

Do you own https://mytestsite?

 

Then, yes, you can do it, but not via a "redirect", it's done via foward proxy. Essentially https://mytestsite is your vip and https://214124124.sdsddasd.com:10020 is your pool.

 

If you application requires hostheader to be 214124124.sdsddasd.com and not mytestsite to work, then you will need to also modify the host header on the wire. This function may not be needed, it depends on your app, it is a function popularly known as "ProxyPass". You can Google "ProxyPass irule" or alternatively do it with LTM Profiles, if such functionality is required.

0 Kudos
Copyright © 2023 Khoros, LLC