Forum Discussion

Modena_'s avatar
Modena_
Icon for Nimbostratus rankNimbostratus
Oct 27, 2017

Change the 302 URL that APM sends back (the original URL requested by client)

Hi,

APM seems to work like this;

1) use goes to http://www.url.com/foo/bar

2) APM presents login screen, user authenticates

3) upon successfull authentication, APM sends a 302 back to the client with Location header http://www.url.com/foo/bar

I need to change the location in the 302 to something different based on an APM session variable. But leaving aside the APM session variable, it seems I'm unable to modify the 302 that APM is sending back.

I have spent way to long trying the likes of;

when CLIENT_ACCEPTED {
     ACCESS::restrict_irule_events disable
 }

when HTTP_RESPONSE {

log local0. [HTTP::header names]

if { [HTTP::status] == "302" and [HTTP::header "Location"] contains "wsignin" } {

    HTTP::header replace "Location" "http://www.google.com"

}

}

log local0. [HTTP::header names] <-- this does NOT show any "Location" header, just "Content-Length Content-Type Expires ETag Server Date", however in the browser development tools I do see the Location header in the 302

5 Replies

  • note that the "HTTP::header replace" function does work on headers sent back from the pool member web servers, but it does not work on the 302 that is sent by APM.

     

  • THi's avatar
    THi
    Icon for Nimbostratus rankNimbostratus

    Try HTTP_RESPONSE_RELEASE event instead of the HTTP_RESPONSE. For me it worked in a bit similar case where I needed to rewrite a header which APM had inserted to the response.

     

  • Ok sort of had to change things around, but yes I managed to get it working by changing the location header with HTTP_RESPONSE_RELEASE, thanks !

     

  • THi's avatar
    THi
    Icon for Nimbostratus rankNimbostratus

    The HTTP_REQUEST_RELEASE and HTTP_RESPONSE_RELEASE events are the last points at L7 before the packets hit the wire, see : HTTP Event Order -- Access Policy Manager

     

    "two new events were added in v11.0 to provide these last chance inspection points, aptly named HTTP_REQUEST_RELEASE and HTTP_RESPONSE_RELEASE. On the serverside, you can now inspect what APM (or any other module) has done to the request before it hits the wire on the way to the server, and likewise, on the clientside, what APM has done to the response before it hits the wire on the way to the client."