cancel
Showing results for 
Search instead for 
Did you mean: 

Mask all URIs so only base domain name is shown in address bar

Goodline
Nimbostratus
Nimbostratus

Hi,

 

I have been searching DevCentral and can't find a definitive answer to my question. I want to mask all URIs no matter what URI a user visits. There are no port changes to contend with so I am assuming I need a catch-all iRule.

 

e.g. Original URL https://mydomain.com/webapp1/module1 Displayed URL https://mydomain.com

 

Thanks

3 REPLIES 3

Simon_Blakely
F5 Employee
F5 Employee

You can't control the uri displayed in the address bar, unless you redirect the request (on the client side) to /.

 

Then you would have to do some real complex irule processing to hold the entire server response at the BigIP, and then get the client to collect it, using a redirect to / with some sort of token to trigger the actual response.

 

I can see how it could work, but it's really, really hard.

 

That's why you cannot find a definitive answer ...

Samir
Nacreous
Nacreous

Go though this link which may help you.

​https://devcentral.f5.com/s/question/0D51T00006wyrrU/irule-to-hide-uri-from-client-side

None of those rules will work - they allow re-writing requests from what the client-side expect to what the server expects, but this does not hide the requested URI in the address bar.

 

Having thought about this some more, the following irule works to hide all the URLs behind /f:

# irule to flatten a site to make it look like a single-page application # this stores the request URI in a table and issues a 308 redirect with an identifying token in a cookie # when the 308 is processed the client reissues the request to the new location # the original URI is retrieved (using the token) and the request is updated and sent to the server # An HTTP 308 should repost the same request using the same method   when HTTP_REQUEST { if { ([HTTP::uri] eq "/f") and ([HTTP::cookie "X-target"] ne "") } { # We have a token from a redirection set new_token [HTTP::cookie "X-target"] log local0. "redirected URI is [HTTP::uri], token is $new_token" set new_uri [table lookup $new_token] log local0. "uri is $new_uri" HTTP::uri $new_uri set clean_cookie 1 } else { set uri [HTTP::uri] set token [string tolower [string map {/ "" + ""} [b64encode [md5 [ clock clicks -milliseconds ]$uri]]]] log local0. "token is $token, uri is $uri" table set $token $uri 5 log local0. "Redirect to $static::protocol://$static::host/ with header X-target=$token" HTTP::respond 308 Location "/f" Set-Cookie "X-target=$token; Max-Age=5; path=/" set clean_cookie 0 } }   when HTTP_RESPONSE { # clean up the X-target cookie if { $clean_cookie eq 1 } { log local0. "removing " HTTP::header Set-Cookie "X-target=deleted; expires=Thu, 01 Jan 1970 00:00:00 GMT" } }

However: this will only work in a browser that correctly supports the HTTP 308 redirect.

This will follow the redirect, but will resubmit the request with the same method.

Also, every request triggers a redirect, so it doubles the number of requests.

It's really inefficient network-wise and memory-wise.

 

I have not tested this with any really complex web-sites, so YMMV.