Application Delivery (ADX)

Occasional Contributor
Posts: 5
Registered: ‎02-28-2011

csw request-rewrite and response-rewrite in parallel?

On a ServerIron ADX 1000 I need to insert the client IP address into the HTTP requests received on a virtual server and also to rewrite URLs in responses from corresponding real servers from "http:..." to "https:...". Since client-IP insertion requires a rewrite of requests (policy: "INSERT_CUSTOMER_IP") and URL rewrite in responses requires a rewrite of responses (policy: "REWRITE_TO_HTTPS"), two different types of policies need to be implemented. Unfortunately, only one csw-policy can be attached to the port on a virtual server at a time. How can this be solved? Thanks.

System Version 12.4.00bT40:

ssl profile SSL-US_xyz
 keypair-file xyz_us_key2048.pem
 certificate-file www_us_xyz_com.crt
 cipher-suite rsa-with-rc4-128-md5
 cipher-suite rsa-with-rc4-128-sha
 cipher-suite rsa-with-3des-ede-cbc-sha
 cipher-suite rsa-with-aes-128-sha
 cipher-suite rsa-with-aes-256-sha
 enable-certificate-chaining
 session-cache off

server port 80
 tcp

server port 443
 tcp

csw-policy "INSERT_CUSTOMER_IP"
 default forward 1
 default rewrite request-insert client-ip "Customer_IP"

csw-rule "RULE01" url exists
csw-rule "RULE02" response-body pattern "http://www.xyz"
csw-rule "RULE02a" response-body pattern "http://tagging.xyz"
csw-rule "RULE02b" response-body pattern "http://www.us.xyz"

csw-policy "REWRITE_TO_HTTPS" type response-rewrite
 match "RULE01" response-body-rewrite
 match "RULE02" rewrite response-body-replace "https://www.xyz" offset 0 length 16
 match "RULE02a" rewrite response-body-replace "https://tagging.xyz" offset 0 length 20
 match "RULE02b" rewrite response-body-replace "https://www.us.xyz" offset 0 length 19

server remote-name abc 10.3.22.131
 port default disable
 source-nat
 port http
 port http url "HEAD /"
 port http group-id  1 1

server remote-name def 10.3.22.132
 port default disable
 source-nat
 port http
 port http url "HEAD /"
 port http group-id  1 1

server group-real D_SERVERS
 real-server abc def
!

server virtual www.us.xyz.com xx.xx.254.10
 port default disable
 port http sticky
 port http lb-pri-servers
 port ssl sticky
 port ssl ssl-terminate SSL-US_xyz
 port ssl lb-pri-servers
 port ssl csw-policy "INSERT_CUSTOMER_IP" (need to attach also policy  "REWRITE_TO_HTTPS" here, but not possible)
 port ssl csw
 port ssl keep-alive
 bind http group-real D_SERVERS http
 bind ssl group-real D_SERVERS http

Contributor
Posts: 47
Registered: ‎07-14-2010

Re: csw request-rewrite and response-rewrite in parallel?

Hello Claus,

The csw-policy manipulates forward packets, whereas the response-rewrite-policy manipulates reverse packets. The configuration below should work.

server virtual www.us.xyz.com xx.xx.254.10
 port ssl response-rewrite-policy "REWRITE_TO_HTTPS"
 port ssl csw-policy "INSERT_CUSTOMER_IP"

Thanks.

//Kono
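
Added example, not part of either post and not ADX code: a Python model of the two directions described above, with the request-side header insert and the response-side body replace as separate passes. It assumes response-body-replace overwrites "length" bytes starting "offset" bytes into each pattern match; the function names, sample traffic and the lengths recomputed for the placeholder hostnames are constructed.

```python
# Constructed model of the two rewrite directions; not ADX code.
# Assumption: response-body-replace overwrites `length` bytes, starting
# `offset` bytes into each pattern match, with the replacement string.

REQUEST_HEADER = "Customer_IP"  # header name from policy INSERT_CUSTOMER_IP

# (pattern, replacement, offset, length) modelled on REWRITE_TO_HTTPS.
# Lengths are recomputed as len(pattern) for the placeholder hostnames.
RESPONSE_RULES = [
    (b"http://www.xyz", b"https://www.xyz", 0, 14),
    (b"http://tagging.xyz", b"https://tagging.xyz", 0, 18),
    (b"http://www.us.xyz", b"https://www.us.xyz", 0, 17),
]

def rewrite_request(raw, client_ip):
    """Forward direction: insert the client-IP header after the request line."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    lines.insert(1, f"{REQUEST_HEADER}: {client_ip}".encode())
    return b"\r\n".join(lines) + sep + body

def rewrite_response_body(body, rules=RESPONSE_RULES):
    """Reverse direction: apply each replace rule to every match in the body."""
    for pattern, replacement, offset, length in rules:
        out, copied, search = bytearray(), 0, 0
        while (hit := body.find(pattern, search)) != -1:
            start = hit + offset
            out += body[copied:start] + replacement
            copied = start + length          # bytes skipped in the original
            search = max(copied, hit + len(pattern))
        body = bytes(out + body[copied:])
    return body

# Constructed sample traffic.
SAMPLE_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: www.us.xyz.com\r\n\r\n"
SAMPLE_BODY = (b'<a href="http://www.xyz.com/a">'
               b'<img src="http://tagging.xyz.com/t.gif">'
               b'<a href="http://www.us.xyz.com/">')

if __name__ == "__main__":
    print(rewrite_request(SAMPLE_REQUEST, "198.51.100.7").decode())
    print(rewrite_response_body(SAMPLE_BODY).decode())
    # A length longer than the pattern also swallows the bytes that follow it.
    too_long = [(b"http://www.xyz", b"https://www.xyz", 0, 16)]
    print(rewrite_response_body(b"http://www.xyz.com/a", too_long).decode())
```

Under that assumption, the length in each replace rule has to equal the byte length of the matched pattern; the last call shows two bytes of the hostname being lost when it does not.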

Occasional Contributor
Posts: 5
Registered: ‎02-28-2011

Re: csw request-rewrite and response-rewrite in parallel?

Hi Kono,

That worked.

Thanks a lot and best regards,

Claus
