DX - Load Balancing & Application Acceleration
Showing results for 
Search instead for 
Do you mean 
Regular Visitor
Posts: 3
Registered: ‎08-05-2008
0 Kudos

https enforce for specific URLs

I want to enforce SSL (i.e change http:// to https://) on specific URLs only using apprule. example: any URL containing http://..../specific/  ---> to be https://..../specific/


Also please is there any source with more examples/description for AppRules usage in more detail other than  that in Installation and Administration Guide



Recognized Expert
Posts: 205
Registered: ‎11-06-2007

Re: https enforce for specific URLs


For Apprules I use a printout of  http://forums.juniper.net/jnet/attachments/jnet/dx/28/1/dx_quick_reference_guide_5_2.pdf as it covers the allowed rules and has good examples.


To change from HTTP to HTTPS requires the client to make a new connection, as it will need to perform a SSL handshake.   With Apprules you can force the client to reconnect to a HTTPS enabled cluster, which would be best done using a redirector.  You can use apprules to issue a redirect to HTTPS like:


RS: url starts_with "/" then redirect "https://www.ssl-site.com/"




If you want to re-write the server responses which contain links to http:// so they are sent as https:// the above PDF has an example of how to do this, like:


PTC: content contains "http://" then replace content term "https://"



It is also suggested to re-write Location headers which are sent in redirect (3xx) responses like:


PTH: reply_header "Location" contains "http://" then replace reply_header "Location" term "https://" and continue



The PDF has more examples for PeopleSoft where the cookies, Referer headers etc are all checked and replaced which can be used to create your own rules.  If you inspect the content returned, you should be able to craft apprules to re-write any content you find that contains incorrect links.