ProxySG & Advanced Secure Gateway

 View Only

 How to should I do to change Location header URL of 301 Code from http to https ?

Yoshinori Kobayashi's profile image
Yoshinori Kobayashi posted Jan 18, 2021 01:42 AM
Dear Sirs,

I am writing in regard to the “#(config)http location-header-rewrite” CLI Command.

The ProxySG is built Reverse Proxy.
When the Server response 301 Code, the Location header is written “http:” URL.
I would like to return the 301 Code with “https:” URL Location header.
For example, the Server return the 301 with Location header = http://aaa.bbb.com” to ProxySG.
I would like to return the 301 with Location header = “https://aaa.bbb.com from ProxySG to Client.

In order that the above movement is realized, have I to run the “#(config)http location-header-rewrite” CLI command ?
If incorrect, could you show the correct (recommended) manner to realize above movement ?

I would like to get the reply for this right now.
Paul Riddington's profile image
Paul Riddington posted Jan 18, 2021 08:34 AM
Hello Yoshinori,

You could use the method described at https://knowledge.broadcom.com/external/article/169783/policy-to-force-clients-to-use-http-stri.html to force the client to use https for the site in question, or add a redirect in your policy from http to https. The problem is that the backend server may just continue to redirect it back to http once the request is resent by the client.

Regards
Paul Riddington
Yoshinori Kobayashi's profile image
Yoshinori Kobayashi posted Jan 19, 2021 04:57 AM
Hello Paul;

I read the following knowledge you presented.

https://knowledge.broadcom.com/external/article/169783/policy-to-force-clients-to-use-http-stri.html

On the manner of the above knowledge, the HSTS value is added into the 301 Response.
I do not want to use the HSTS function.
I would like to rewrite the URL of Location Header from http:// to https:// on 301 Response.
Could you show the method ( or sample CPL ) to realize this rewrite ?
Yoshinori Kobayashi's profile image
Yoshinori Kobayashi posted Jan 19, 2021 05:35 AM
Hello Paul;

I try to write the CPL as following.
Can this CPL realize my expected behavior ?
Could you show your view for this ?

<Proxy>

response.header.content-Location=http://example.com action.sample_rewrite(yes)

define action sample_rewrite
rewrite(Location, "^http://example.com/","https://example.com" )
end


Regards,
Y.Kobayashi
Paul Riddington's profile image
Paul Riddington posted Jan 19, 2021 10:27 AM
Hello Yoshinori,

This seems to be valid CPL for modifying the location header. My only concern is that the client will make a further request based on the value in the header, but the internal server will again redirect it back to http thus causing a loop.

Regards
Paul
Yoshinori Kobayashi's profile image
Yoshinori Kobayashi posted Jan 21, 2021 05:32 AM

Hello Paul;

 

Thank you for your help.

I can achieve the expected behavior.

 

Thank you so much.

 

Regards,

Y.Kobayashi