09-02-2008 05:44 PM
I want to enforce SSL (i.e change http:// to https://) on specific URLs only using apprule. example: any URL containing http://..../specific/ ---> to be https://..../specific/
Also please is there any source with more examples/description for AppRules usage in more detail other than that in Installation and Administration Guide
09-03-2008 08:03 AM
For Apprules I use a printout of http://forums.juniper.net/jnet/attachments/jnet/dx/28/1/dx_quick_reference_guide_5_2.pdf as it covers the allowed rules and has good examples.
To change from HTTP to HTTPS requires the client to make a new connection, as it will need to perform a SSL handshake. With Apprules you can force the client to reconnect to a HTTPS enabled cluster, which would be best done using a redirector. You can use apprules to issue a redirect to HTTPS like:
RS: url starts_with "/" then redirect "https://www.ssl-site.com/"
If you want to re-write the server responses which contain links to http:// so they are sent as https:// the above PDF has an example of how to do this, like:
PTC: content contains "http://" then replace content term "https://"
It is also suggested to re-write Location headers which are sent in redirect (3xx) responses like:
PTH: reply_header "Location" contains "http://" then replace reply_header "Location" term "https://" and continue
The PDF has more examples for PeopleSoft where the cookies, Referer headers etc are all checked and replaced which can be used to create your own rules. If you inspect the content returned, you should be able to craft apprules to re-write any content you find that contains incorrect links.