08-Dec-2021 14:34
Hello,
Can someone please tell me if it is possible to achieve the scenario I am trying to accomplish using iRule?
We are currently using a SaaS-based application which has a weird URL and it is not easy to remember (e.g. https://214124124.sdsddasd.com:10020). What I am looking to achieve is that when a user enters the URL https://mytestsite, it should be able to redirect to the SaaS-based application without changing the URL in the address bar. It should stay mytestsite.
10-Dec-2021 09:58
Of course if you have control over the clients browser you could disable the security and return a page with an iframe that loads the remote site... but that's not a good idea.
11-Dec-2021 01:09
The URL bar is the mechanism by which the user checks to make sure they're accessing the page they thought they were accessing. It should show you the actual pageURL, the certificate in use, whether that's the right cert (trusted) or not etc.
Mess with it at your peril.
Checkout these fun attacks
https://owasp.org/www-community/attacks/Cross_Frame_Scripting
https://owasp.org/www-community/attacks/Clickjacking
https://owasp.org/www-community/attacks/csrf
https://owasp.org/www-community/attacks/xss/
Anything you do to disable the security to allow you to do what you want... Is going to leave you (More) vulnerable to these and other attacks.
Here's why even commercial sites that make their money from redirecting don't support URL masking
https://www.easyredir.com/blog/why-you-should-not-use-url-masking-forwarding-cloaking/
Because it's just not safe...
12-Dec-2021 22:00
Do you own https://mytestsite?
Then, yes, you can do it, but not via a "redirect", it's done via foward proxy. Essentially https://mytestsite is your vip and https://214124124.sdsddasd.com:10020 is your pool.
If you application requires hostheader to be 214124124.sdsddasd.com and not mytestsite to work, then you will need to also modify the host header on the wire. This function may not be needed, it depends on your app, it is a function popularly known as "ProxyPass". You can Google "ProxyPass irule" or alternatively do it with LTM Profiles, if such functionality is required.