DX - Load Balancing & Application Acceleration
Reply
Regular Visitor
mofathy
Posts: 3
Registered: ‎08-05-2008
0

https enforce for specific URLs

I want to enforce SSL (i.e change http:// to https://) on specific URLs only using apprule. example: any URL containing http://..../specific/  ---> to be https://..../specific/

 

Also please is there any source with more examples/description for AppRules usage in more detail other than  that in Installation and Administration Guide

 

Thanks

Recognized Expert
MattS
Posts: 205
Registered: ‎11-06-2007

Re: https enforce for specific URLs

 

For Apprules I use a printout of  http://forums.juniper.net/jnet/attachments/jnet/dx/28/1/dx_quick_reference_guide_5_2.pdf as it covers the allowed rules and has good examples.

 

To change from HTTP to HTTPS requires the client to make a new connection, as it will need to perform a SSL handshake.   With Apprules you can force the client to reconnect to a HTTPS enabled cluster, which would be best done using a redirector.  You can use apprules to issue a redirect to HTTPS like:

 

RS: url starts_with "/" then redirect "https://www.ssl-site.com/"

 

 

 

If you want to re-write the server responses which contain links to http:// so they are sent as https:// the above PDF has an example of how to do this, like:

 

PTC: content contains "http://" then replace content term "https://"

 

 

It is also suggested to re-write Location headers which are sent in redirect (3xx) responses like:

 

PTH: reply_header "Location" contains "http://" then replace reply_header "Location" term "https://" and continue

 

 

The PDF has more examples for PeopleSoft where the cookies, Referer headers etc are all checked and replaced which can be used to create your own rules.  If you inspect the content returned, you should be able to craft apprules to re-write any content you find that contains incorrect links.

 

 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.