Application Delivery (ADX)

Occasional Contributor
Posts: 5
Registered: ‎02-28-2011

csw request-rewrite and response-rewrite in parallel?

On a ServerIron ADX 1000 I need to insert the client IP address into the HTTP requests received on a virtual server and also to rewrite URLs in responses from the corresponding real servers from "http:..." to "https:...". Since client-IP insertion requires a rewrite of requests (policy: "INSERT_CUSTOMER_IP") and URL rewrite in responses requires a rewrite of responses (policy: "REWRITE_TO_HTTPS"), two different types of policies need to be implemented. Unfortunately, only one csw-policy can be attached to the port on a virtual server at a time. How can this be solved? Thanks.

System Version 12.4.00bT40:

ssl profile SSL-US_xyz
 keypair-file xyz_us_key2048.pem
 certificate-file www_us_xyz_com.crt
 cipher-suite rsa-with-rc4-128-md5
 cipher-suite rsa-with-rc4-128-sha
 cipher-suite rsa-with-3des-ede-cbc-sha
 cipher-suite rsa-with-aes-128-sha
 cipher-suite rsa-with-aes-256-sha
 enable-certificate-chaining
 session-cache off

server port 80
 tcp

server port 443
 tcp

csw-policy "INSERT_CUSTOMER_IP"
 default forward 1
 default rewrite request-insert client-ip "Customer_IP"

csw-rule "RULE01" url exists
csw-rule "RULE02" response-body pattern "http://www.xyz"
csw-rule "RULE02a" response-body pattern "http://tagging.xyz"
csw-rule "RULE02b" response-body pattern "http://www.us.xyz"

csw-policy "REWRITE_TO_HTTPS" type response-rewrite
 match "RULE01" response-body-rewrite
 match "RULE02" rewrite response-body-replace "https://www.xyz" offset 0 length 16
 match "RULE02a" rewrite response-body-replace "https://tagging.xyz" offset 0 length 20
 match "RULE02b" rewrite response-body-replace "https://www.us.xyz" offset 0 length 19

server remote-name abc 10.3.22.131
 port default disable
 source-nat
 port http
 port http url "HEAD /"
 port http group-id 1 1

server remote-name def 10.3.22.132
 port default disable
 source-nat
 port http
 port http url "HEAD /"
 port http group-id 1 1

server group-real D_SERVERS
 real-server abc def
!
server virtual www.us.xyz.com xx.xx.254.10
 port default disable
 port http sticky
 port http lb-pri-servers
 port ssl sticky
 port ssl ssl-terminate SSL-US_xyz
 port ssl lb-pri-servers
 port ssl csw-policy "INSERT_CUSTOMER_IP" (need to attach also policy "REWRITE_TO_HTTPS" here, but not possible)
 port ssl csw
 port ssl keep-alive
 bind http group-real D_SERVERS http
 bind ssl group-real D_SERVERS http

Contributor
Posts: 47
Registered: ‎07-14-2010

Re: csw request-rewrite and response-rewrite in parallel?

Hello Claus,

The csw-policy manipulates forward packets, whereas the response-rewrite-policy manipulates reverse packets. The configuration below should work.

server virtual www.us.xyz.com xx.xx.254.10
 port ssl response-rewrite-policy "REWRITE_TO_HTTPS"
 port ssl csw-policy "INSERT_CUSTOMER_IP"

Thanks.

//Kono

Occasional Contributor
Posts: 5
Registered: ‎02-28-2011

Re: csw request-rewrite and response-rewrite in parallel?

hi kono,

that worked.

thanks a lot and best regards,

claus
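
Added example, not part of the posts above and not Brocade code: with source-nat enabled, the real servers see the ADX as the TCP peer, so the inserted "Customer_IP" header is their only view of the client and should be accepted only on connections that arrive from the ADX. The trusted address 192.0.2.10, the function name and the sample requests are assumptions constructed for illustration; the thread does not say whether a client-supplied "Customer_IP" header is removed, so duplicate copies are rejected.

```python
import ipaddress

# Assumption: the source-nat address the ADX uses towards the real servers.
# 192.0.2.10 is a constructed placeholder, not a value from the thread.
TRUSTED_PROXIES = {ipaddress.ip_address("192.0.2.10")}

# Header name taken from the INSERT_CUSTOMER_IP policy; HTTP header names
# are case-insensitive, so compare in lower case.
HEADER = "customer_ip"


def client_ip(peer_addr, headers):
    """Return the address a real server should log or authorize on.

    peer_addr: TCP peer address as seen by the real server.
    headers:   list of (name, value) tuples in wire order.
    """
    peer = ipaddress.ip_address(peer_addr)
    if peer not in TRUSTED_PROXIES:
        # Connection bypassed the load balancer: the header is untrusted.
        return str(peer)
    values = [v.strip() for n, v in headers if n.lower() == HEADER]
    if len(values) != 1:
        # Missing, or several copies (one may be client-supplied): fall back.
        return str(peer)
    try:
        return str(ipaddress.ip_address(values[0]))
    except ValueError:
        # Not a valid IPv4/IPv6 literal: never pass it on to logs or ACLs.
        return str(peer)


if __name__ == "__main__":
    # Constructed sample requests: (TCP peer, headers).
    samples = [
        ("192.0.2.10", [("Host", "www.us.xyz.com"), ("Customer_IP", "203.0.113.7")]),
        ("198.51.100.5", [("Customer_IP", "203.0.113.7")]),
        ("192.0.2.10", [("Customer_IP", "10.0.0.1"), ("Customer_IP", "203.0.113.7")]),
    ]
    for peer, hdrs in samples:
        print(peer, "->", client_ip(peer, hdrs))
```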
