gizmo_240301
Dec 23, 2015

Masking URL on browser

I have a VIP which runs an https page and calls 8 other VIPs. Those 8 VIPs redirect this https page, add port numbers and also load balance 8 servers with 8 different port numbers. For example, the end user types “abc.myportal.com” and that link is redirected to “https://abc.myportal.com:9460/xyz/login” or “https://abc.myportal.com:9461/xyz/login” or other ports. Now, I want to mask some parts of the URL from the end user (e.g. port numbers). I don't want to redirect or translate the URL. When I did that, the page didn't run. The link must run with port numbers, but I only want to hide the port numbers from the end user. They should see “https://abc.myportal.com/xyz/login” in the URL when they type “abc.myportal.com”. But behind the scenes, the link with port numbers must run.

Maybe this is not possible. Can anybody help? When I read all the other questions, I found “redirect, translate URL etc.” but they didn't work.

Thanks & Regards

6 Replies

  • Hi Gizmo,

     

    It might be possible to inject a cookie_name=portnumber on the initial redirect and then use the cookie_value as a differentiator for the different instances.

     

    iRule for :443

     

    when HTTP_REQUEST {
        # Requests for the login path are routed by the pool_port cookie
        if { [string tolower [HTTP::uri]] starts_with "/xyz/login" } then {
            set pool_port [HTTP::cookie value pool_port]
            if { $pool_port == 9460 } then {
                pool application1
            } elseif { $pool_port == 9461 } then {
                pool application2
            } elseif { $pool_port == 9462 } then {
                pool application3
            } else {
                # Default pool or error message
            }
        } else {
            # Your redirect code but with additional cookie insert
        }
    }

    Cheers, Kai

     

  • Hi Gizmo,

     

    It is not possible to hide something from the user... it was possible previously, but for security reasons, browsers display the real URL...

    The only ports not displayed by the browser are the defaults of the requested protocol:

    • http --> 80
    • https --> 443

    If you want to hide the port, the reverse proxy must listen on the default port and rewrite the Host header with the port number, and sometimes rewrite responses.

    But the better solution is to define the proxy hostname and port in the back end server.

    E.g., in Tomcat, you can define the following parameters...

    Look at your application admin guide to see if it supports this feature.

  • Hi all! Sorry for the late answer. The servers were taken offline by the system team 2 weeks ago. Now they are alive again and I tried your action plans.

     

    Kai, thanks for your answer. I tried it, but it did not work. It did not affect anything.

    Stanislas, thanks for your answer. Unfortunately, I must hide the port numbers which occur after the redirection, not the default ports.

     

  • As I answered previously, you can't hide the port number. Only default ports are hidden...

    The solution provided by Kai listens on the https default port (443), and the user must provide a cookie containing the pool member port number. (This cookie may be inserted in an HTTP_RESPONSE event of the first VS instead of redirecting to this port.)

    This solution does not create 8 VS but only 1, balancing connections based on this cookie value.

     

    This is the easiest workaround to solve your issue...
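
The single-virtual-server approach described in the replies above, as an added example that is not part of the original thread. The cookie name and pool names are taken from Kai's iRule; the three-port allowlist, the random first choice, the Host rewrite and the Location pattern are assumptions.

```tcl
# Added example (not from the thread): one virtual server on 443 that picks
# the backend pool from a cookie instead of redirecting to :946x.
when HTTP_REQUEST {
    # Assumption: each pool holds the member listening on the matching port.
    set allowed {9460 9461 9462}
    set port [HTTP::cookie value "pool_port"]
    set set_cookie 0

    # The cookie is client-controlled. Accept it only if it matches the fixed
    # list; never build a pool name or node address from the raw value.
    if { [lsearch -exact $allowed $port] < 0 } {
        # No cookie or unknown value: choose an instance and remember it.
        set port [lindex $allowed [expr { int(rand() * [llength $allowed]) }]]
        set set_cookie 1
    }

    switch -- $port {
        "9460" { pool application1 }
        "9461" { pool application2 }
        "9462" { pool application3 }
    }

    # Assumption: the application expects its own port in the Host header.
    # Drop this line if the backend accepts the bare hostname.
    HTTP::header replace "Host" "[getfield [HTTP::host] ":" 1]:$port"
}

when HTTP_RESPONSE {
    # Pin the client to the chosen instance; the browser stays on 443.
    if { $set_cookie } {
        HTTP::cookie insert name "pool_port" value $port path "/"
        HTTP::cookie secure "pool_port" enable
    }

    # Strip a backend port from redirects so it never reaches the URL bar.
    if { [HTTP::header exists "Location"] } {
        set loc [HTTP::header value "Location"]
        regsub {^(https://[^/:]+):946[0-9]} $loc {\1} loc
        HTTP::header replace "Location" $loc
    }
}
```

Absolute links with a port inside response bodies are not covered by this rule; those need the application's own proxy hostname and port settings, as the earlier reply suggests.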

     

  • Hi Gizmo,

    If you want to hide the visible URL in your browsers location bar, then you could replace the initial redirect with a [HTTP::respond 200], delivering a simple HTML page containing a ... as a wrapper for the individual login pages.

    https://en.wikipedia.org/wiki/HTML_elementFrames

    In this case the browser bar would just stick to the URL of the wrapper, so that the URLs within the <iFrame> would become hidden from end users. But this technique should be considered a "dirty hack" since it has some usage limitations and also compatibility issues...

    BTW: Keep in mind, when using <iFrame> you may have to inject/replace Access-Control-Allow-Origin headers to the individual login sites, so that your TCP:443 site is allowed to <iFrame> the TCP:946X pages.

    Cheers, Kai

  • Thank you for your help. I forwarded this issue to the system team to solve, because there is no way to hide the port number in the URL with F5.