Jump to content
Welcome to our new Citrix community!

Rewrite policy


Manoj Rana

Recommended Posts

 

Hi All,

 

I am trying to use rewrite policy and action to replace the first part of the URL and keep the last part last part http://example:9080/forms/anon/org/app/ to https:newexample.fqdn.com/apps/secure/org/app and keep everything after.

 

Old URL : http://example:9080/forms/anon/org/app/b006aa54-1737-43c9-8a03-a2cb0be9113c/launch/index.html?form=F_StudyLeave&id=6c29a26d-960d-4b88-8803-a664d723a312 

NEW URLhttps://newexample.fqdn.com/apps/secure/org/app/secure/org/app/b006aa54-1737-43c9-8a03-a2cb0be9113c/launch/index.html?form=F_StudyLeave&id=6c29a26d-960d-4b88-8803-a664d723a312

 

Actions

Expression: HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE)

Expression: HTTP.REQ.URL.REPLACE("^http://example:9080/forms/anon/org/app/(.*)", "https://newexample.fqdn.com/apps/secure/org/app/$1")

 

 

Policies

 

Expression: HTTP.REQ.URL.STARTSWITH("/forms/anon/org/app/")

 

It is not working. Can anyone let me know any other way to achieve this?

 

Thanks

Manoj

 

 

Link to comment
Share on other sites

Your original description is that you wanted to change the HOST portion only, but the actual example changes host AND path elements.

Also, remember, if you are using REWRITE on a REQUEST to change the HOST it only changes the host portion as it leaves the ADC to the backend server and will not result in a new destination other than the lb services attached to the lb vserver. If the user needs to go from old host to new host, then it should be a RESPONDER redirect instead of a REWRITE - which is likely NEEDED for the http:// to https:// portion in your example.  If this is a rewrite to change links in response body, then the responder may not be needed.

 

Once we figure out the URL modification, I'll give you some examples, and then you can figure out if you need Responder only, Rewrite only, or a responder redirect for host with a separate rewrite for path. Depending on the problem you really need to solve.

 

Also, if you are using URL TRANSFORM and not just REWRITE then I'll note that below as well. (It was unclear in your description, but your policy detail seems to imply URL TRANSFORM in use). You can't use backreferences in a regular rewrite action like that; but in a URL TRansform you would be able to reference a pattern in one field in another.  

 

----

For this specific examples:

From OLD URL:  http://example:9080/forms/anon/org/app/b006aa54-1737-43c9-8a03-a2cb0be9113c/launch/index.html?form=F_StudyLeave&id=6c29a26d-960d-4b88-8803-a664d723a312 

Into NEW URL:  https://newexample.fqdn.com/apps/secure/org/app/secure/org/app/b006aa54-1737-43c9-8a03-a2cb0be9113c/launch/index.html?form=F_StudyLeave&id=6c29a26d-960d-4b88-8803-a664d723a312

 

NOTE: if I misinterpreted your public (OLD URL)/private (NEW URL), we can switch these. Just figured I'd give you something to work with. Again, the exact scenario was vague enough I didn't want to guess.

 

Generalized, you need:

From OLD URL:  http://<oldfqdn1>/<path1>/<rest of orig path> into https://<newfqdn2>/<path2>/<rest of orig path>

Though you could aslo resule the "/org/app" as the start of the new path after "secure"... I'll base it off of this.

 

So, remember, http.req.url doesn't usually see the entire URL with host portion.  It only sees the target of the GET or POST which is usually /<path and query>.

Host and protocols aren't usually exposed here. So a rewrite targeting http.req.url may not be able to modify your host or protocol.  You can use a trace or a proxy between adc and server to see what the rewrite actually generates request time.

 

In reality, I think you either need a Responder redirect to go from http://<oldfqdn1:9080> to https://<newfqdn2> and the path changes OR a Responder to redirect the host portion, and the rewrite to handle the path changes after the initial redirect.  It depends on if you want the users to see the path changes or not.

 

So I'm going to mock this up as a RESPONDER redirect first, and then maybe a Responder Redirect followed by a REWRITE for paths.

 

Example 1: Responder only (complete redirect of all URL changes in response to the original request). Also hardcoded path changes based on url examples.

RESPONDER Action:  REDIRECT

Value (for gui):  "https://newexample.fqdn.com" + "/apps/secure/org/app/secure/org/app" + http.req.url.path_and_query.after_str("/forms/anon/org/app")

 

RESPONDER Policy: (bound to a vserver that is listening to the http://<oldfqdn:9080> ip/port>

Expression:  http.req.header("host").set_text_mode(ignorecase).eq("example:9080") && http.req.url.path.set_text_mode(ignorecase).startswith("/forms/anon/org/app")

 

CLI for reference:

add responder action rs_act_redirecturl1 redirect "\"https://newexample.fqdn.com\" + \"/apps/secure/org/app/secure/org/app\" + http.REQ.URL.PATH_AND_QUERY.AFTER_STR(\"/forms/anon/org/app\")" -responseStatusCode 302
add responder policy rs_pol_redirecturl1 "http.REQ.HEADER(\"host\").SET_TEXT_MODE(ignorecase).EQ(\"example:9080\") && http.REQ.URL.PATH.SET_TEXT_MODE(ignorecase).STARTSWITH(\"/forms/anon/org/app\")" rs_act_redirecturl1
 

Example 2:  URL TRANSFORM Example (since I saw your backreference attempt):

URL Transform Action:

URL Transform Action:

REQUEST URL From:  (http://example:9080)(/forms/anon/org/app)(.*)

REQUEST URL Into:  https://newexample.fqdn.com/apps/secure/org/app/secure/org/app$3

 

RESPONSE URL From:  (https://newexample.fqdn.com)(/apps/secure/org/app/secure/org/app)(.*)

RESPONSE URL Into:   http://example:9080/forms/anon/org/app$3

 

CLI version:

add transform action urlt1 urlt_rewriteurlsecure 10
set transform action urlt1 -priority 10 -reqUrlFrom "/demo" -reqUrlInto "/demo2" -resUrlFrom "/demo2" -resUrlInto "/demo1"
 

If you really did mean REWRITE or RESPONDER + REWRITE instead of URL TRANSFORM post back, and I can try to rework it. But hopefully these two examples help you figure out what you need.

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...