Url Redirect without url change


This topic contains 10 replies, has 5 voices, and was last updated by joe1122 1 year, 5 months ago.

  • #11822
    mbarry
    Member

    We are trying to write a script that redirects a user when they enter a url, but keeps the url the same.

    We have the url – https://bla.company.com

    When a user enters this url we want to redirect them to – https://otherserver/site

    but we want to keep the url as https://bla.company.com

    I can get this working so that it’ll redirect, but the url changes.

    Any ideas how I would accomplish this?

    #11832
    diederik
    Member

    The nature of URL redirection is that you tell the browser that it needs to go somewhere else.

    So if you tell the browser to go to https://otherserver/site, that is what it will show to the client. At HTTP protocol level there is no option to make the browser “pretend” to go somewhere while really going somewhere else.

    People with malicious intent would be very happy with such an option ;)

    You might be able to create a frame on the ADC and within the frame load content of the other site. The browser will keep showing the outside frame’s address in the URL bar.

    #11842
    DaniTom
    Member

    Hi,
    another option: You could use the new URL/server as a “local” server behind your VIP/virtual server.
    So, you don’t redirect the client to the new url. The A10 gets the content from otherserver and presents it to the client as https://bla.company.com.

    The problem here is if you need a special path on the new server. Then I think you need to create an aFleX script to get the content from the new url and present it to the client via the old url.
    Another point: Does the company (security) policy allow you to present content from another URL under your URL ;o)

    Greets,
    Thomas.

    #11862
    andimorris
    Member

    What mbarry is asking (we’re working on a number of projects together here), is whether it is possible to do more as DaniTom has said. e.g.

    client browses to https://www.domain.com but the A10 actually presents the web page from https://webserver.domain.com/somewebsite whilst keeping the original URL in the address bar.

    I see the security concerns if this was pointing to a rogue website, but I think this is more in line with hiding the actual web server hostname, plus adding a path to the request. We used to do something similar in Microsoft TMG.

    #11872
    diederik
    Member

    Of course it is possible to use aFlex to rewrite the request URI and content when you keep the ADC in between the client and the webserver.

    (off the top of my head, not checked code)

    when HTTP_REQUEST {
        set URI [string tolower [HTTP::uri]]
        set HOST [string tolower [HTTP::host]]
        set NEWHOST "webserver.domain.com"
        set NEWURI "/somewebsite"
    # I prefer setting variables, but that is less efficient, depending on if you want to use things like regsub/switch etc. in this case you could also use HTTP::uri or HTTP::host directly in the IF statement.
        if {{$HOST equals "www.domain.com"} {
            HTTP::host $NEWHOST
            HTTP::uri $NEWURI . $URI  
        }
    

    Also, you need to check the content and make sure the new server uses relative links… or use code to rewrite all content coming from the server, something like:

    You should probably add some code to make sure you only look for content to rewrite for “locations” that actually need rewrites on the way from the server to the client; I kept that part out of this code snippet.

    when HTTP_RESPONSE {
    # Collect http response if the response time is text based to rewrite absolute links
         if { [HTTP::header "Content-Type"] starts_with “text” } {
    HTTP::collect
    }
    }
    
    when HTTP_RESPONSE_DATA { 
    set payload_length [HTTP::payload length] 
    HTTP::payload replace 0 $payload_length [string map {“webserver.domain.com/somewebsite” 
    “www.domain.com”} [HTTP::payload]] 
    HTTP::release 
    } 
    
    #11882
    andimorris
    Member

    Thanks very much. We thought it was possible, but just struggling to get anything to work. We’d tried various Aflex scripts, and HTTP filters with redirect/rewrite, but it still wasn’t quite right.

    This looks to fit the right logic. I’m having some issues with syntax, but I’ll work on that.

    #11892
    andimorris
    Member

    Still struggling with this. The example code was relentlessly failing syntax checks with “extra tokens at end of expression” as the error.

    I stripped it right down to basics and it eventually passed the syntax checker. The logic still seems sound, but I’m still not getting sent to the extra path.

    I took the HTTP::host reference out as a trial, as I realised that the web server in the service group will actually work for this, so really it’s just the path to add on

    when HTTP_REQUEST {
        if {[HTTP::host] matches "services.domain.com"} {
    #        [HTTP::host] "webserver.internal.domain"
            [HTTP::uri] "/services"
        }
    }
    #11902
    andimorris
    Member

    OK, quick update.

    The following works, however it is just redirecting the user to services.domain.com/services

    We require the user to see services.domain.com in the address bar, but really the page is coming from webserver.internal.domain/services:

    when HTTP_REQUEST {
    if {[HTTP::host] matches “services.domain.com” and [HTTP::uri] matches “/”} {
    # [HTTP::host] “webserver.internal.domain”
    HTTP::uri /services
    }
    }

    #11912
    diederik
    Member

    HTTP_REQUEST takes action on the information the client sends to the ADC, before the ADC sends it to the Server.

    When the server receives a request, it will respond with “location” information etc.
    So when the client receives that info it will adjust what is shown accordingly.

    HTTP_RESPONSE and HTTP_RESPONSE_DATA will take care of the content coming back from the server to the client.
    So you really need to get that part working as well.

    What might go wrong is that the ” are all different.
    Only one type is supported.
    And I see I had double { in some places.
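
Added example (not part of the original thread, and not aFleX code): a Python model of the two rewrite directions described in the post above, showing why a request-only rewrite still lets the backend's Location header and absolute links change the address bar. The host names are the thread's; the function names and the https public scheme are assumptions.

```python
# Model of an ADC rewrite in both directions. Function names are hypothetical.
PUBLIC_HOST = "www.domain.com"          # what the client types (from the thread)
BACKEND_HOST = "webserver.domain.com"   # real server (from the thread)
BACKEND_PREFIX = "/somewebsite"         # path added on the way in


def rewrite_request(host, uri):
    """Client -> server (the HTTP_REQUEST half): swap Host, prepend the path."""
    if host.lower() != PUBLIC_HOST:      # exact match only; leave other hosts alone
        return host, uri
    return BACKEND_HOST, BACKEND_PREFIX + uri


def _to_public(text):
    """Replace references to the backend URL with the public one."""
    target = BACKEND_HOST + BACKEND_PREFIX
    for scheme in ("https://", "http://"):
        text = text.replace(scheme + target, "https://" + PUBLIC_HOST)
    return text.replace(target, PUBLIC_HOST)   # scheme-less leftovers


def rewrite_response(headers, body):
    """Server -> client (the HTTP_RESPONSE / HTTP_RESPONSE_DATA half)."""
    out = dict(headers)
    loc = out.get("Location")
    if loc is not None:
        loc = _to_public(loc)
        # A relative redirect such as /somewebsite/login also exposes the prefix.
        if loc == BACKEND_PREFIX or loc.startswith(BACKEND_PREFIX + "/"):
            loc = loc[len(BACKEND_PREFIX):] or "/"
        out["Location"] = loc
    # Only touch text payloads; binary bodies pass through unchanged.
    if out.get("Content-Type", "").lower().startswith("text"):
        body = _to_public(body)
        out["Content-Length"] = str(len(body.encode("utf-8")))  # length changed
    return out, body


if __name__ == "__main__":
    # Constructed sample: backend answers the rewritten request with a redirect.
    print(rewrite_request("www.domain.com", "/"))
    hdrs = {"Location": "http://webserver.domain.com/somewebsite/login",
            "Content-Type": "text/html"}
    print(rewrite_response(hdrs, '<a href="//webserver.domain.com/somewebsite/x">x</a>'))
```

If only `rewrite_request` is applied, the constructed redirect reaches the browser unchanged and the address bar switches to the backend name, which is the behaviour reported earlier in the thread.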

    #11962
    andimorris
    Member

    Thanks for the reply Diederik. I’ll have to do some research here and get back.

    #12082
    joe1122
    Member

    Hello,
    I am trying to do basically the same thing and am getting stuck.
    I am trying to connect to https://site.dev.com which is pointing to the virtual server IP on the AX. We are using https and SNAT with an AFLEX. Given the aFlex and forwarded header data, I should get the content from http://www.site.com (as seen in the aFlex) but not have my browser URL change from https://site.dev.com
    —————————————————
    when RULE_INIT {
    set ::DEBUG 0
    }

    when HTTP_REQUEST {
    set timestamp [TIME::clock seconds]
    set src_ip [IP::client_addr]
    set src_port [TCP::client_port]
    set dst_ip [IP::local_addr]
    set dst_port [TCP::local_port]
    set domain [HTTP::host]
    HTTP::header replace Host “www.site.com”
    HTTP::header insert X-Forwarded-Proto “http”
    HTTP::header insert X-Forwarded-Port 443
    HTTP::header insert X-Forwarded-For $src_ip
    HTTP::header insert X-Forwarded-Host $domain

    #Add a log for debugging
    if { $::DEBUG > 0} {
    set log_str “\[$timestamp\] $cip:$cport -> $vip:$vport to $snat_ip:$snat_port -> $sip:$sport”
    log local5.INFO $log_str
    }
    }
    ———————————————-
    The connection is being closed out by the server with the following detail and I am not sure what Invalid Verb is in terms of the communication between the AX SNAT IP and the IIS 6 server on the backend.

    GHHTTP/1.1 400 B
    ad Reque st..Cont
    ent-Type : text/h
    tml..Dat e:Wed,
    07 Jun 2 017 20:2
    6:54 GMT ..Connec
    tion: cl ose..Con
    tent-Len gth: 35.
    …<h1>B ad Reque
    st (Inva lid Verb)</h1>

    I can point directly to the server and can get the content to load.

    Help is much appreciated.

    Thanks,
    Joe
