Forum Discussion

Goodline's avatar
Goodline
Icon for Nimbostratus rankNimbostratus
Apr 23, 2020

Mask all URIs so only base domain name is shown in address bar

Hi,   I have been searching DevCentral and can't find a definitive answer to my question. I want to mask all URIs no matter what URI a user visits. There are no port changes to contend with so ...
APM
application delivery
devops
iRules
Samir's avatar
Samir
Icon for MVP rankMVP
Apr 24, 2020

Go though this link which may help you.

​https://devcentral.f5.com/s/question/0D51T00006wyrrU/irule-to-hide-uri-from-client-side

  • Simon_Blakely's avatar
    Simon_Blakely
    Icon for Employee rankEmployee
    Apr 27, 2020

    None of those rules will work - they allow re-writing requests from what the client-side expect to what the server expects, but this does not hide the requested URI in the address bar.

    Having thought about this some more, the following irule works to hide all the URLs behind /f:

    # irule to flatten a site to make it look like a single-page application
# this stores the request URI in a table and issues a 308 redirect with an identifying token in a cookie
# when the 308 is processed the client reissues the request to the new location
# the original URI is retrieved (using the token) and the request is updated and sent to the server
# An HTTP 308 should repost the same request using the same method 
 
when HTTP_REQUEST {
  if { ([HTTP::uri] eq "/f") and ([HTTP::cookie "X-target"] ne "") } {
    # We have a token from a redirection
    set new_token [HTTP::cookie "X-target"]
    log local0. "redirected URI is [HTTP::uri], token is $new_token"
    set new_uri [table lookup $new_token]
    log local0. "uri is $new_uri"
    HTTP::uri $new_uri
    set clean_cookie 1
  }    
  else {
    set uri [HTTP::uri]
    set token [string tolower [string map {/ "" + ""} [b64encode [md5 [ clock clicks -milliseconds ]$uri]]]]
    log local0. "token is $token, uri is $uri"
    table set $token $uri 5
    log local0. "Redirect to $static::protocol://$static::host/ with header X-target=$token"
    HTTP::respond 308 Location "/f" Set-Cookie "X-target=$token; Max-Age=5; path=/"
    set clean_cookie 0
  }
}
 
when HTTP_RESPONSE {
  # clean up the X-target cookie
  if { $clean_cookie eq 1 } { 
    log local0. "removing "
    HTTP::header Set-Cookie "X-target=deleted; expires=Thu, 01 Jan 1970 00:00:00 GMT"
  }
}

    However: this will only work in a browser that correctly supports the HTTP 308 redirect.

    This will follow the redirect, but will resubmit the request with the same method.

    Also, every request triggers a redirect, so it doubles the number of requests.

    It's really inefficient network-wise and memory-wise.

    I have not tested this with any really complex web-sites, so YMMV.