URI Masking

Problem this snippet solves:

The code snippet was utilized to mask the URI so that the client is unaware of the actual URI that was processed by the server. This can provide security but the main use case was to mask the older application version from the outside world.

How to use this snippet:

Whenever a client makes a request to: https://devtest.domain.com/wdev/wweb.ll?wsession

it will be altered like this: https://devtest.domain.com/wdev/wweb.ll?FoldSession

before it is load balanced to the pool: POOL-DEV2

The response from the pool member will be checked and the URI will be replaced like this: /wdev/wweb.ll?FoldSession replaced with /wdev/wweb.ll?wsession

The replacement is done so the client doesn't know the actual URI that is being processed by the server. The same principle can be applied to replace the domain name/host header value.

Code :

when HTTP_REQUEST {
set HOST [string tolower [HTTP::host]]
set URI [string tolower [HTTP::uri]] 

if { $HOST contains "devtest.domain.com" } {
#Disable SSL
SSL::disable serverside
}

if { $URI contains "/wdev/wweb.ll?wsession" } {
HTTP::uri [string map {/wdev/wweb.ll?wsession /wdev/wweb.ll?FoldSession} [HTTP::uri]] 
pool POOL-DEV2
}
}

when HTTP_RESPONSE {
if { [HTTP::header values Location] contains "/wdev/wweb.ll?FoldSession" } {
HTTP::header replace Location [string map {/wdev/wweb.ll?FoldSession /wdev/wweb.ll?wsession} [HTTP::header value Location]]
}
}

Tested this on version:

11.0
Published May 28, 2016
Version 1.0
application delivery
host header masking
iRules
LTM
uri masking

Was this article helpful?

No CommentsBe the first to comment