Nimbostratus
I'd like to make a response rule that rewrites a http responses based off the originating client IP request.
Something like:
if client ip is not our firewall
rewrite "admin.domain" to "www.domain" links within the response
else
don't rewrite
end
Some sample code would be greatly appreciated.
Cirrostratus
when RULE_INIT {
Log debug messages to /var/log/ltm? 1=yes, 0=no.
set ::rewrite_debug 1
}
when CLIENT_ACCEPTED {
Check if client IP address is one to rewrite the content for
if {not ([IP::addr [IP::client_addr] equals 1.1.1.1]}{
set a flag to rewrite the client
set rewrite_response 1
if {$::rewrite_debug}{log local0. "[IP::client_addr]:[TCP::client_port]: Checking response for [HTTP::path]"}
} else {
Check response
set rewrite_response 0
if {$::rewrite_debug}{log local0. "[IP::client_addr]:[TCP::client_port]: Not checking response for [HTTP::path]"}
}
}
when HTTP_RESPONSE {
Rewrite the Location header on redirects
if {[HTTP::is_redirect] and [HTTP::header value Location] contains "admin.domain"]}{
HTTP::header replace Location [string map -nocase {admin.domain www.domain} [HTTP::header value Location]]
}
Check response content
if {$rewrite_response and [HTTP::header value "Content-Type"] contains "text"}{
Set a stream expression to rewrite admin.domain to www.domain
STREAM::expression {@admin.domain@www.domain@}
Enable the stream filter
STREAM::enable
if {$::rewrite_debug}{log local0. "[IP::client_addr]:[TCP::client_port]: Enabled stream filter for this response"}
} else {
If this event is still enabled we shouldn't rewrite the response so disable the stream filter
STREAM::disable
if {$::rewrite_debug}{log local0. "[IP::client_addr]:[TCP::client_port]: Disabled stream filter for this response"}
}
}
when STREAM_MATCHED {
This event is enabled just for debug logging. Remove or comment the event out when you're done testing
if {$::rewrite_debug}{log local0. "[IP::client_addr]:[TCP::client_port]: Matched: [STREAM::match]"}
}
Aaron