DX - Load Balancing & Application Acceleration
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
mofathy
Regular Visitor
mofathy
Posts: 3
Registered: ‎08-05-2008
0

https enforce for specific URLs

Options

‎09-02-2008 05:44 PM

I want to enforce SSL (i.e change http:// to https://) on specific URLs only using apprule. example: any URL containing http://..../specific/  ---> to be https://..../specific/

 

Also please is there any source with more examples/description for AppRules usage in more detail other than  that in Installation and Administration Guide

 

Thanks

Message 1 of 2 (5,164 Views)
 
Reply
Recognized Expert Recognized Expert
Recognized Expert
MattS
Posts: 205
Registered: ‎11-06-2007

Re: https enforce for specific URLs

Options

‎09-03-2008 08:03 AM

 

For Apprules I use a printout of  http://forums.juniper.net/jnet/attachments/jnet/dx/28/1/dx_quick_reference_guide_5_2.pdf as it covers the allowed rules and has good examples.

 

To change from HTTP to HTTPS requires the client to make a new connection, as it will need to perform a SSL handshake.   With Apprules you can force the client to reconnect to a HTTPS enabled cluster, which would be best done using a redirector.  You can use apprules to issue a redirect to HTTPS like:

 

RS: url starts_with "/" then redirect "https://www.ssl-site.com/"

 

 

 

If you want to re-write the server responses which contain links to http:// so they are sent as https:// the above PDF has an example of how to do this, like:

 

PTC: content contains "http://" then replace content term "https://"

 

 

It is also suggested to re-write Location headers which are sent in redirect (3xx) responses like:

 

PTH: reply_header "Location" contains "http://" then replace reply_header "Location" term "https://" and continue

 

 

The PDF has more examples for PeopleSoft where the cookies, Referer headers etc are all checked and replaced which can be used to create your own rules.  If you inspect the content returned, you should be able to craft apprules to re-write any content you find that contains incorrect links.

 

 

Message 2 of 2 (5,150 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.