Application Delivery (ADX)

How to rewrite the body of a HTTP response

by on ‎06-09-2009 05:58 AM (161 Views)


We want to rewrite the body of HTTP responses.


The are multiple reasons to rewrite the body of an HTTP response. The most common reason is SSL offload or hiding local internal machine names/ports because of hardcoded applications. In SSL scenario, e.g. A lot of pages in a response include links starting with http:// - the web servers are not changing embedded links from "http://" to "https://" in case SSL offload is getting used. It is possible to do this at the ServerIron using HTTP response rewrite - this way, the upgrade from HTTP only load balancing to HTTP/HTTPS loadbalancing is more easy, and the only configuration changes required are on the ServerIron.

The example below is using the FQDN This is the FQDN used to reach the application - all http links pointing to

need to be replaced with https links to

This ensures the client is getting https links only and it is therefore not possible to leave the encrypted area (HTTPS) by accident using an HTTP link.

You can also change the URL using response rewrite rules if hiding a local internal server. e.g. to

Topology Diagram


Sample Code/Configuration

ssl profile sslp
keypair-file key
certificate-file cert
cipher-suite all-cipher-suites
session-cache off

csw-rule "r1" url exists
csw-rule "r12" response-body pattern ""
csw-policy "p1" type response-rewrite
match "r1" response-body-rewrite
match "r12" rewrite response-body-replace "" offset 0 length 23
server real rs101
port http
port http url "HEAD /"
server virtual vs222
port ssl ssl-terminate sslp
port ssl response-rewrite-policy "p1"
port ssl keep-alive
bind ssl rs101 http

ATTENTION: This requires SSL offload - ensure you are using at least  ADX OS >= 12.1.

It is possible to do this for plain-text HTTP traffic as well. The virtual server configuration would look slightly different in this case:

server virtual vs222
port http
port http response-rewrite-policy "p1"
port http keep-alive
bind http rs101 http