Forum Discussion

Jeff_42220's avatar
Jeff_42220
Icon for Nimbostratus rankNimbostratus
Aug 14, 2009

404 redirect irule adding requested URL

 

We use a separate sorry server on our network, and I am trying to figure out how to write an irule that will redirect users to that sorry server when they get a 404 error. I would like the originally requested URL to be passed along as part of that redirect, possibly in an HTTP header so that it can then be read off the sorry server and displayed on the page. How should I do this?

 

 

We have the basic 404 irule redirect already in place, but I don't know if I should add the requested Host/URI information into the redirect somehow or if I should accomplish this by some other means. Again, our goal is to have the 404 redirect go to our sorry server, but have something in that redirect that will include the original Host/URI passed over to our sorry server for display on that web page somehow.

 

 

when HTTP_RESPONSE {

 

if { [HTTP::status] contains "404"} {

 

HTTP::redirect "http://sorryserver"

 

}

 

}

 

 

Thanks for your assistance!

 

 

-Jeff
application delivery
dev
devops
iRules

2 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Aug 14, 2009
    Hi Jeff,

    If you do try something like this, make sure to sanitize or HTML encode any input from the request before using it in the response content. Failure to do this would lead to a XSS vulnerability in the page which displays the user input.

    The best option for passing the data would be in a URL parameter. You could try something like this: 

     
 when HTTP_REQUEST { 
  
     Save the host/URI so it will be available in the HTTP_RESPONSE event 
    set url [HTTP::host][HTTP::uri] 
 } 
 when HTTP_RESPONSE { 
     Check for a 404 response 
    if { [HTTP::status] == 404} { 
  
        Redirect the client to the sorry page with the original host/URI set as a URI encoded parameter 
       HTTP::redirect "http://sorryserver?original_url=[URI::encode $url]" 
    } 
 }

    Aaron
  • Jeff_42220's avatar
    Jeff_42220
    Icon for Nimbostratus rankNimbostratus
    Aug 14, 2009

     

    Thanks for the quick response, Aaron! I appreciate it.

     

     

    Are you saying that the irule you proposed would not be subject to the XSS vulnerability you described?

     

     

    Also, I know that only a small percentage of HTTP requests as they come in are going to a non-existent page and will be getting the 404 response. Is there any performance impact of having an irule looking at all the HTTP requests coming in regardless of whether a 404 response comes back? I'm fairly new to irules.

     

     

    Thanks, again.

     

     

    Jeff