You have probably used the NetScaler Rewrite feature many times to change pieces of information as traffic flows through NetScaler in either direction. Have you ever considered that Rewrite can also be used to change the entire request, including its method and the HTTP body? Hmmm... sounds interesting.
Many recent publications and security reports recommend using the HTTP request body to transmit sensitive information. Most legacy applications, however, are written to send sensitive fields such as the username and password in an HTTP GET request, as part of the query string. Here is a sample request:
GET /login.asp?user=xyz&pass=*^#JD12 HTTP/1.1
Accept: */*
Host: www.myapp.com
User-Agent: Mozilla/4.0
Now suppose you are asked to accept this client request on NetScaler and convert it into a POST request, so that the query portion becomes part of the POST body on its way to the server. A bit of a challenge, isn't it? Not really. That is the beauty of the AppExpert configuration and the Rewrite feature on NetScaler, where such complex requirements can be handled very effectively. Breaking the problem into logical parts:
1) Change the request method from GET to POST
The first operation is to convert the request method itself. The following action takes care of it.
add rewrite action replace-method replace HTTP.REQ.METHOD "\"POST\""
2) Insert the query content into the HTTP body
This is the basic requirement: the request parameters must be passed in the HTTP body of the POST request. The following action inserts the URL query parameters after all the HTTP request headers.
add rewrite action insert-into-body insert_after HTTP.REQ.FULL_HEADER HTTP.REQ.URL.QUERY.HTTP_URL_SAFE -bypassSafetyCheck YES
3) Insert Content-Length
Once the request is converted from GET to POST and the query is inserted into the request body, the most important operation is to insert the Content-Length header correctly. Without this header the server will not accept the body and the request will be treated as invalid. The header must also carry the correct value, otherwise the request will again be treated as invalid.
add rewrite action insert-cl insert_http_header Content-Length HTTP.REQ.URL.QUERY.LENGTH
The action above inserts the Content-Length header generically, so it works dynamically for a request of any length.
4) Insert the Content-Type header
It is recommended to insert the Content-Type header as well.
add rewrite action insert-ct insert_http_header Content-Type "\"application/x-www-form-urlencoded\""
5) Remove the query from the request URL
Now the most important operation is to remove the query content from the URL. The following action replaces the original URL with a new URL that has no query part.
add rewrite action remove-query replace HTTP.REQ.URL.PATH_AND_QUERY HTTP.REQ.URL.PATH.HTTP_URL_SAFE -bypassSafetyCheck YES
With these five logical steps, the GET request shown above looks like the following POST request on the backend.
POST /login.asp HTTP/1.1
Accept: */*
Host: www.myapp.com
User-Agent: Mozilla/4.0
Content-Length: 24
Content-Type: application/x-www-form-urlencoded

user=xyz&pass=*^#JD12
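As an added example (not part of the original post and not NetScaler code), the Python model below applies the five steps to a raw request offline and then checks the result the way a backend would. The function names `get_to_post` and `verify` and the sample request are constructed for this illustration.

```python
# Added example: offline model of the five rewrite steps (not NetScaler code).
CRLF = b"\r\n"

# Constructed sample request; names and values are illustrative only.
SAMPLE = (b"GET /login.asp?user=alice&pass=s3cr3t%21 HTTP/1.1\r\n"
          b"Accept: */*\r\nHost: www.myapp.com\r\nUser-Agent: Mozilla/4.0\r\n\r\n")


def get_to_post(raw: bytes) -> bytes:
    """Return the request the backend should see after the rewrite."""
    head, _, _ = raw.partition(CRLF + CRLF)
    lines = head.split(CRLF)
    method, target, version = lines[0].split(b" ", 2)
    path, _, query = target.partition(b"?")
    # Same condition as is_get_with_query: everything else passes untouched.
    if method != b"GET" or not query:
        return raw
    headers = lines[1:] + [
        b"Content-Length: " + str(len(query)).encode(),      # step 3
        b"Content-Type: application/x-www-form-urlencoded",  # step 4
    ]
    request_line = b" ".join([b"POST", path, version])       # steps 1 and 5
    return CRLF.join([request_line] + headers) + CRLF * 2 + query  # step 2


def verify(request: bytes) -> list:
    """Return the problems found in a rewritten request (empty list = OK)."""
    problems = []
    head, _, body = request.partition(CRLF + CRLF)
    lines = head.split(CRLF)
    if not lines[0].startswith(b"POST "):
        problems.append("method is not POST")
    if b"?" in lines[0]:
        problems.append("query string still present in the request line")
    declared = [h.split(b":", 1)[1].strip().decode() for h in lines[1:]
                if h.lower().startswith(b"content-length:")]
    if len(declared) != 1:
        problems.append("expected exactly one Content-Length header")
    elif int(declared[0]) != len(body):
        problems.append(f"Content-Length {declared[0]} but body is {len(body)} bytes")
    return problems


if __name__ == "__main__":
    rewritten = get_to_post(SAMPLE)
    print(rewritten.decode())
    print("problems:", verify(rewritten))
```

Running `verify` on a request captured at the backend confirms that the declared Content-Length matches the body that was actually inserted and that the credentials no longer appear in the request line.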
The best way to perform all these actions is to create simple policies and group them under a policylabel, which is then invoked so that they run as one flow. Here is the sample policy and policylabel configuration:
add rewrite policy is_get_with_query "HTTP.REQ.URL.QUERY.LENGTH.GT(0) && HTTP.REQ.METHOD.EQ(GET)" NOREWRITE
add rewrite policy pol1 true replace-method
add rewrite policy pol2 true insert-into-body
add rewrite policy pol3 true insert-cl
add rewrite policy pol4 true insert-ct
add rewrite policy pol5 true remove-query
add rewrite policylabel get_to_post_group http_req
bind rewrite policylabel get_to_post_group pol1 1 NEXT
bind rewrite policylabel get_to_post_group pol2 2 NEXT
bind rewrite policylabel get_to_post_group pol3 3 NEXT
bind rewrite policylabel get_to_post_group pol4 4 NEXT
bind rewrite policylabel get_to_post_group pol5 5 END
bind rewrite global is_get_with_query 100 END -type REQ_DEFAULT -invoke policylabel get_to_post_group
With the configuration above, the whole operation simply flows. You have to wonder what other cool things can be done with this feature set... Keep thinking.