
Issues rewriting URL that call client side Javascripts


resyrt erwtret


Hello

 

I was able to solve this https://discussions.citrix.com/topic/417508-prestashop-behind-a-ssl-load-balancer-how-to-configure/ as now all links point to HTTPS, but I still have an issue.

 

When I click some things on the page, it tries to call a JavaScript which is still trying to call it through HTTP. Since this is client side, I imagine that the NetScaler does not rewrite it.

 

Is there a way to solve this?

 

Thank you

Link to comment
Share on other sites

15 hours ago, resyrt erwtret said:

Hello

 

I was able to solve this https://discussions.citrix.com/topic/417508-prestashop-behind-a-ssl-load-balancer-how-to-configure/ as now all links point to HTTPS, but I still have an issue.

 

When I click some things on the page, it tries to call a JavaScript which is still trying to call it through HTTP. Since this is client side, I imagine that the NetScaler does not rewrite it.

 

Is there a way to solve this?

 

Thank you

 

I've found this code:

 

<script type="text/javascript">
        var blockwishlistController = "http:\/\/sub.publicfqdn.com\/prestashop\/index.php?fc=module&module=blockwishlist&controller=action";
        var prestashop = {"cart":{"products":[],"totals":{"total":{"type":"total","label":"Total","amount":0,"value":"0,00\u00a0\u20ac"},"total_including_tax":{"type":"total","label":"Total (impuestos incl.)","amount":0,"value":"0,00\u00a0\u20ac"},"total_excluding_tax":{"type":"total","label":"Total (impuestos excl.)","amount":0,"value":"0,00\u00a0\u20ac"}},"subtotals":{"products":{"type":"products","label":"Subtotal","amount":0,"value":"0,00\u00a0\u20ac"},"discounts":null,"shipping":{"type":"shipping","label":"Transporte","amount":0,"value":""},"tax":null},"products_count":0,"summary_string":"0 art\u00edculos","vouchers":{"allowed":0,"added":[]},"discounts":[],"minimalPurchase":0,"minimalPurchaseRequired":""},"currency":{"id":1,"name":"Euro","iso_code":"EUR","iso_code_num":"978","sign":"\u20ac"},"customer":{"lastname":null,"firstname":null,"email":null,"birthday":null,"newsletter":null,"newsletter_date_add":null,"optin":null,"website":null,"company":null,"siret":null,"ape":null,"is_logged":false,"gender":{"type":null,"name":null},"addresses":[]},"language":{"name":"Espa\u00f1ol (Spanish)","iso_code":"es","locale":"es-ES","language_code":"es","is_rtl":"0","date_format_lite":"d\/m\/Y","date_format_full":"d\/m\/Y H:i:s","id":1},"page":{"title":"","canonical":null,"meta":{"title":"PrestaShop","description":"Tienda creada con 
PrestaShop","keywords":"","robots":"index"},"page_name":"index","body_classes":{"lang-es":true,"lang-rtl":false,"country-ES":true,"currency-EUR":true,"layout-full-width":true,"page-index":true,"tax-display-enabled":true},"admin_notifications":[]},"shop":{"name":"PrestaShop","logo":"http:\/\/sub.publicfqdn.com\/prestashop\/img\/logo.png","stores_icon":"http:\/\/sub.publicfqdn.com\/prestashop\/img\/logo_stores.png","favicon":"http:\/\/sub.publicfqdn.com\/prestashop\/img\/favicon.ico"},"urls":{"base_url":"http:\/\/sub.publicfqdn.com\/prestashop\/","current_url":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php","shop_domain_url":"http:\/\/sub.publicfqdn.com","img_ps_url":"http:\/\/sub.publicfqdn.com\/prestashop\/img\/","img_cat_url":"http:\/\/sub.publicfqdn.com\/prestashop\/img\/c\/","img_lang_url":"http:\/\/sub.publicfqdn.com\/prestashop\/img\/l\/","img_prod_url":"http:\/\/sub.publicfqdn.com\/prestashop\/img\/p\/","img_manu_url":"http:\/\/sub.publicfqdn.com\/prestashop\/img\/m\/","img_sup_url":"http:\/\/sub.publicfqdn.com\/prestashop\/img\/su\/","img_ship_url":"http:\/\/sub.publicfqdn.com\/prestashop\/img\/s\/","img_store_url":"http:\/\/sub.publicfqdn.com\/prestashop\/img\/st\/","img_col_url":"http:\/\/sub.publicfqdn.com\/prestashop\/img\/co\/","img_url":"http:\/\/sub.publicfqdn.com\/prestashop\/themes\/classic\/assets\/img\/","css_url":"http:\/\/sub.publicfqdn.com\/prestashop\/themes\/classic\/assets\/css\/","js_url":"http:\/\/sub.publicfqdn.com\/prestashop\/themes\/classic\/assets\/js\/","pic_url":"http:\/\/sub.publicfqdn.com\/prestashop\/upload\/","pages":{"address":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=address","addresses":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=addresses","authentication":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=authentication","cart":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=cart","category":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=
category","cms":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=cms","contact":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=contact","discount":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=discount","guest_tracking":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=guest-tracking","history":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=history","identity":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=identity","index":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php","my_account":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=my-account","order_confirmation":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=order-confirmation","order_detail":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=order-detail","order_follow":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=order-follow","order":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=order","order_return":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=order-return","order_slip":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=order-slip","pagenotfound":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=pagenotfound","password":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=password","pdf_invoice":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=pdf-invoice","pdf_order_return":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=pdf-order-return","pdf_order_slip":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=pdf-order-slip","prices_drop":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=prices-drop","product":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=product","search":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=search","sitemap":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=sitema
p","stores":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=stores","supplier":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=supplier","register":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=authentication&create_account=1","order_login":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=order&login=1"},"alternative_langs":[],"theme_assets":"\/prestashop\/themes\/classic\/assets\/","actions":{"logout":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php?mylogout="},"no_picture_image":{"bySize":{"small_default":{"url":"http:\/\/sub.publicfqdn.com\/prestashop\/img\/p\/es-default-small_default.jpg","width":98,"height":98},"cart_default":{"url":"http:\/\/sub.publicfqdn.com\/prestashop\/img\/p\/es-default-cart_default.jpg","width":125,"height":125},"home_default":{"url":"http:\/\/sub.publicfqdn.com\/prestashop\/img\/p\/es-default-home_default.jpg","width":250,"height":250},"medium_default":{"url":"http:\/\/sub.publicfqdn.com\/prestashop\/img\/p\/es-default-medium_default.jpg","width":452,"height":452},"large_default":{"url":"http:\/\/sub.publicfqdn.com\/prestashop\/img\/p\/es-default-large_default.jpg","width":800,"height":800}},"small":{"url":"http:\/\/sub.publicfqdn.com\/prestashop\/img\/p\/es-default-small_default.jpg","width":98,"height":98},"medium":{"url":"http:\/\/sub.publicfqdn.com\/prestashop\/img\/p\/es-default-home_default.jpg","width":250,"height":250},"large":{"url":"http:\/\/sub.publicfqdn.com\/prestashop\/img\/p\/es-default-large_default.jpg","width":800,"height":800},"legend":""}},"configuration":{"display_taxes_label":true,"display_prices_tax_incl":true,"is_catalog":false,"show_prices":true,"opt_in":{"partner":true},"quantity_discount":{"type":"discount","label":"Descuento 
unitario"},"voucher_enabled":0,"return_enabled":0},"field_required":[],"breadcrumb":{"links":[{"title":"Inicio","url":"http:\/\/sub.publicfqdn.com\/prestashop\/index.php"}],"count":1},"link":{"protocol_link":"http:\/\/","protocol_content":"http:\/\/"},"time":1666768528,"static_token":"28b26729b4ba41e22fde26fbc4c884d3","token":"459c5feb17a64840008839387447a6de","debug":false};
        var prestashopFacebookAjaxController = "http:\/\/sub.publicfqdn.com\/prestashop\/index.php?fc=module&module=ps_facebook&controller=Ajax";
        var productsAlreadyTagged = [];
        var psemailsubscription_subscription = "http:\/\/sub.publicfqdn.com\/prestashop\/index.php?fc=module&module=ps_emailsubscription&controller=subscription";
        var psr_icon_color = "#F19D76";
        var removeFromWishlistUrl = "http:\/\/sub.publicfqdn.com\/prestashop\/index.php?action=deleteProductFromWishlist&fc=module&module=blockwishlist&controller=action";
        var wishlistAddProductToCartUrl = "http:\/\/sub.publicfqdn.com\/prestashop\/index.php?action=addProductToCart&fc=module&module=blockwishlist&controller=action";
        var wishlistUrl = "http:\/\/sub.publicfqdn.com\/prestashop\/index.php?fc=module&module=blockwishlist&controller=view";
      </script>

 

As you can see, there are still http links there that aren't being rewritten.

 

Link to comment
Share on other sites

Looking at your original post where Rhonda replied, in essence the rewrites she suggested should be doing the trick, however you might need to modify your policy expression so the policy also hits for the javascript requests. Additionally you might need to align your target expression to the actual response content length (e.g. something like HTTP.RES.BODY(HTTP.RES.CONTENT_LENGTH), or just increase the integer value manually). The idea here is that when the browser fetches the javascript, the variables containing the http URLs are rewritten to https URLs in the code, which would then be executed by the client.

Link to comment
Share on other sites

2 hours ago, Gunther De Poortere said:

Looking at your original post where Rhonda replied, in essence the rewrites she suggested should be doing the trick, however you might need to modify your policy expression so the policy also hits for the javascript requests. Additionally you might need to align your target expression to the actual response content length (e.g. something like HTTP.RES.BODY(HTTP.RES.CONTENT_LENGTH), or just increase the integer value manually). The idea here is that when the browser fetches the javascript, the variables containing the http URLs are rewritten to https URLs in the code, which would then be executed by the client.

 

Instead of rewriting "http://" I'm writing "http" and that is working properly.

 

I do wish to know how to make a proper rewrite for 

 

http:\/\

Link to comment
Share on other sites

While just rewriting 'http' to 'https' works in your case, that seems a little dangerous to me as it would mean that any occurrence of the string 'http' would be rewritten, which could be unwanted. My guess as to why it's not working for 'http://' is as good as yours at this point, but I'd suggest trying a regex replace instead of a literal string; that might be better considering the special characters.

Link to comment
Share on other sites

Gunther stepped in with some excellent updates (for larger body files than what I planned for)  and now that you have more specific examples of the problem we can take a look at more robust fixes to expression conditions.

 

I still might attempt a URL Transform if the patterns get more complex, but I think you can tweak the original policies.

 

But the reason why the additional content may have been missed is that:

The original content is "http:\/\/"; the text string doesn't see it as a match to rewrite when we looked for "http://" explicitly. On a "text" match basis these aren't equivalent.

I was also trying to limit the http:// to https:// rewrites to address the host name change too, and so it was a bit more narrow than anticipated.

 

Gunther's right that rewriting all http to https is dangerous, because if you already had an https:// string and you matched on "http" you would end up with "httpss://".

 

You would probably need a rule for "http:" that would handle that broadly, but I also rewrote based on http://<internalname> and not also http://<publicname> being included.

You may want a policy for both.  I can work on it after class (if you don't get a better answer sooner.)

 

 

 

Link to comment
Share on other sites
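
The three matching behaviours discussed in the posts above (literal "http://", bare "http", and a host-scoped rule that accepts both slash forms), modelled in JavaScript as an added example. It is not NetScaler policy syntax and not code from any poster; the sample body and the function names are constructed for illustration.

```javascript
// Constructed sample shaped like the inline script quoted in this thread.
// JSON-style escaping writes "/" as "\/", so the response really contains http:\/\/
const sampleBody = String.raw`<a href="http://sub.publicfqdn.com/prestashop/">home</a>
<link href="https://sub.publicfqdn.com/prestashop/theme.css">
<script>
var wishlistUrl = "http:\/\/sub.publicfqdn.com\/prestashop\/index.php?controller=view";
var avatar = "http:\/\/0.gravatar.com\/avatar\/sample";
</script>`;

// Strategy A: literal "http://" -> "https://". Never sees the escaped form.
function rewriteLiteral(text) {
  return text.split("http://").join("https://");
}

// Strategy B: bare "http" -> "https". Also hits strings that are already https.
function rewriteBareHttp(text) {
  return text.split("http").join("https");
}

// Strategy C (hypothetical helper): upgrade only the http scheme, in plain or
// escaped form, and only when it is followed by the named host.
function rewriteScoped(text, host) {
  const h = host.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"); // escape regex metacharacters
  const re = new RegExp(
    String.raw`\bhttp:(\/\/|\\\/\\\/)(?=` + h + String.raw`(?![\w.-]))`, "gi");
  return text.replace(re, "https:$1"); // $1 keeps whichever slash form was matched
}

function countOf(text, needle) {
  return text.split(needle).length - 1;
}

// Summarise what each strategy leaves behind or breaks.
function compare(text, host) {
  const strategies = [
    ["literal", rewriteLiteral],
    ["bareHttp", rewriteBareHttp],
    ["scoped", (t) => rewriteScoped(t, host)],
  ];
  const out = {};
  for (const [name, fn] of strategies) {
    const result = fn(text);
    out[name] = {
      stillEscapedHttp: countOf(result, String.raw`http:\/\/`),
      corrupted: countOf(result, "httpss"),
    };
  }
  return out;
}

console.log(compare(sampleBody, "sub.publicfqdn.com"));
```

The scoped rule leaves the third-party gravatar URL alone on purpose; hosts outside your control need their own decision.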

Ok, this was a longer answer than I thought, because there are some tricks with the pattern matching and the syntax. Also, the scenario is still unclear, so I'm giving you a few variants. But then I remembered we now have multiple rewrites and they may be changing what we need to do here, so see final note.

 

My assumptions based on above:

For the script examples above, you show:

 "http:\/\/sub.publicfqdn.com\/prestashop\/index.php?fc=module&module=blockwishlist&controller=action";

  • Is this the literal content being returned by the server, through the ADC and what reaches the user, so the "\" escapes are in the actual response and not just encoded when you posted? (I assumed, but if not, the below examples won't work.)
  • And is the <sub.publicfqdn.com> included, means the request gets to the user with the public lb FQDN and does NOT retain the backend server <privatefqdn>? (I addressed both below.)

 

This means you need to handle the following scenarios:

  • The original RESPONSE Location Headers with:  http://<privatefqdn> being rewritten to https://<publicfqdn>
  • The original RESPONSE Body rewrites with:  http://<privatefqdn> being rewritten to https://<publicfqdn>
  • And the NEW pattern in the RESPONSE with:  http:\/\/<publicfqdn> being rewritten to https:\/\/<publicfqdn>   NOTE: I'm assuming we have to keep the escaped characters.
  • Is there a chance that there are additional rewrites with the public or private fqdn or other patterns?

 

In general, the best way to understand these series of rewrites and whether you need 2-4 or 4-8 rewrite policies (or a rewrite transform), is to have examples of the patterns you observe:

  • Request from client to vip.
  • Request from ADC to backend server.
  • Response from backend server to ADC.
  • Response from ADC to client.

Because we may need to account for IPs and Names (both frontend and backend), port changes, and full and relative path URLS or alternates.

By looking at it holistically, you might find better, more efficient options.

 

That being said, with the info I have above for Bullet 3 above, would be something like this.  I would favor more restrictive "replace_all" over more broadly defined ones. But once you're sure of your patterns it could be broader.  You can still control scope of policy and therefore match in the policy expression.

 

For scenario 3, I tried a few variations to give you options.

Note: Several considerations:

  • First, the action evaluator in the GUI would not accept:  http.res.body(http.res.content_length), so I used the large integer instead. It might work on real traffic and the evaluator doesn't simulate a length but will work with real traffic OR this might not work in the real world for this scenario.   You can try it both ways, but I would start simple and try one change at a time.
  • Also, the "\/"  escaped slashes have to be double escaped backslashes to enter in the GUI even as "text strings" or it won't be valid syntax, but it will match on the single escaped characters in the test case.
  • The HEAD portion of the response still counts as a HTTP.RES.BODY content (not just the literal body section). ADC just breaks down headers and everything else (body). See example screenshot.

There are multiple other ways to do this, but based on the info so far, here are some examples. There were some tricks to this syntax. I'll post the screenshots separate.

 

# Rule 3: variant 1:

(in case you meant http:\/\/privatefqdn --> public fqdn)

add rewrite action rw_act_body_http_to_https_scripts replace_all "http.RES.body(999999999)" q{"https:\\/\\/newfqdn.public.com"} -search q{text("http:\\/\\/oldfqdn.demo.net")}

add rewrite policy rw_pol_body_http_to_https_scripts q{http.RES.BODY(9999999).set_text_mode(ignorecase).CONTAINS("http:\\/\\/oldfqdn.demo.net")} rw_act_body_http_to_https_scripts

# The q{"<expr>"} is a quoting syntax and represents exactly what you will see in the GUI with no additional escapes.

# The target expression  "https:\\/\\/oldfqdn.public.com"  will match to https:\/\/oldfqdn.public.com in original response.

# The expression  "https:\\/\\/newfqdn.public.com"  will rewrite to https:\/\/newfqdn.public.com in final response.

 

# Rule 3: variant 2:

(in case you meant http:\/\/newfqdn --> https:\/\/newfqdn)

add rewrite action rw_act_body_http_to_https_scripts2 replace_all "http.RES.body(999999999)" q{"https:\\/\\/newfqdn.public.com"} -search q{text("http:\\/\\/newfqdn.public.com")}

add rewrite policy rw_pol_body_http_to_https_scripts2 q{http.RES.BODY(9999999).set_text_mode(ignorecase).CONTAINS("http:\\/\\/newfqdn.public.com")} rw_act_body_http_to_https_scripts2

 

# Rule 3: variant 3:

(if you wanted to find any http:\/\/<anything> --> and rewrite to https:\/\/, without affecting the explicit http://<other> https://<other> we already addressed, you might try this:)

add rewrite action rw_act_body_http_to_https_scripts3 replace_all "http.RES.body(999999999)" q{"https:\\/\\/"} -search q{text("http:\\/\\/")}
add rewrite policy rw_pol_body_http_to_https_scripts3 q{http.RES.BODY(9999999).set_text_mode(ignorecase).CONTAINS("http:\\/\\/")} rw_act_body_http_to_https_scripts3

 

Will rewrite examples [1] and [2] in either HEAD or BODY, but not [3] and patterns like it:

[1] http:\/\/oldfqdn.demo.net/stuff1

[2] http:\/\/newfqdn.public.com/stuff2

[3] http://oldfqdn.public.com/notamatch

 

Key considerations:

  • Actual Policy expressions to trigger these actions may vary.   Or need to be tweaked. We don't want targets of these rewrites to overlap with other rewrite policies, because while multiple rewrites can be performed on a single response, you can't rewrite content made by another policy (they all apply to the original content). So if one of the earlier policies is rewriting something wrong that we are trying to "Fix" now, it won't work based on the assumed information.
  • If you have issues, disable all rewrites and look back at the original response being returned and then we identify every pattern and variant that needs to be modified and we look where we can consolidate rules to do multiple things or where we need separate rules.

 

Link to comment
Share on other sites

Screenshots: Rewrite Action and the Action Evaluator for reference to how it appears in GUI and how it should match.

 

Variant 1:

[screenshot]

 

Variant 1 in action evaluator:

[screenshot]

 

Variant 3 in action evaluator for the match all http:\/\/ with a variety of FQDNs but not the http:// matches. (Worked for head and body sections, but only pictured one.)

[screenshot]

Link to comment
Share on other sites

  • 2 weeks later...

Great answers, first off. @Rhonda Rowland thank you.

 

Right now, I have http://oldfqdn -> https://newfqdn ; 95% of pages are working. To my surprise, some http:// are still not getting replaced. I imagine that it's some PHP calling an http link or something and that's why it isn't working. I believe I cannot rewrite that, correct?

 

To me it seems the best solution is

 

http://oldfqdn -> https://newfqdn (currently what I have)

 

http:\/\/ -> https:\/\/

 

I also have issues with, for example, http://0.gravatar.com but that's really on a per-case basis.

 

With these two rewrites, I think it would be enough. 

 

Link to comment
Share on other sites

You can still solve with responder policies to redirect http to https request side IF the fqdn is the public fqdn.

Otherwise additional rewrite policies.

 

Normally I would have used url transform instead, but without a clear understanding of the patterns involved it was easier to tackle this on a case by case basis.

You should be able to replace the http links that aren't being rewritten UNLESS they are generated client side.

But you would need to share info about their pre adc structure to know why the current policies are missing them. The policies are relatively narrowly defined to avoid catching too much.

Link to comment
Share on other sites
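
The thread repeatedly asks for an inventory of the patterns in the origin response before adding more policies. The added example below (not from any poster, and run offline against a saved response rather than on the ADC) lists every remaining http URL by host and by slash form, and flags which hosts are your own. The sample body, host list and function names are constructed.

```javascript
// Constructed sample of an origin response captured with rewrites disabled.
const originBody = String.raw`<a href="http://oldfqdn.demo.net/prestashop/">home</a>
<img src="http://0.gravatar.com/avatar/abc">
<link href="https://sub.publicfqdn.com/prestashop/theme.css">
<script>
var wishlistUrl = "http:\/\/sub.publicfqdn.com\/prestashop\/index.php";
var logo = "http:\/\/sub.publicfqdn.com\/prestashop\/img\/logo.png";
var cart = "HTTP:\/\/oldfqdn.demo.net\/prestashop\/cart";
</script>`;

// Return one row per (host, form) pair for every http:// or http:\/\/ URL found.
// form is "plain" for // and "escaped" for \/\/; firstParty marks hosts in ownHosts.
function inventoryInsecureUrls(text, ownHosts) {
  const own = new Set(ownHosts.map((h) => h.toLowerCase()));
  const re = /\bhttp:(\/\/|\\\/\\\/)([a-z0-9.-]+)/gi;
  const rows = new Map();
  for (const m of text.matchAll(re)) {
    const form = m[1] === "//" ? "plain" : "escaped";
    const host = m[2].toLowerCase();
    const key = host + " " + form;
    const row = rows.get(key) || { host, form, count: 0, firstParty: own.has(host) };
    row.count += 1;
    rows.set(key, row);
  }
  // Keys are unique, so a two-way comparison is enough for a stable order.
  return [...rows.entries()]
    .sort(([a], [b]) => (a < b ? -1 : 1))
    .map(([, row]) => row);
}

// Rows a host-scoped rewrite can cover; everything else is a per-case decision.
function coveredByHostScopedRewrite(rows) {
  return rows.filter((r) => r.firstParty);
}

const rows = inventoryInsecureUrls(originBody, ["oldfqdn.demo.net", "sub.publicfqdn.com"]);
for (const r of rows) {
  console.log(`${r.host}\t${r.form}\t${r.count}\t${r.firstParty ? "own" : "third-party"}`);
}
```

Each distinct (host, form) row that is first-party corresponds to one search string a narrowly scoped rewrite has to match.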
