ProxySG & Advanced Secure Gateway

Hi All,

i need some help with the rewriting of a wildcard domain and I am hoping someone on here can help me!

Without the need of going into too much detail, we need to be able to rewrite from HTTP to HTTPS for an entire Microsoft domain, specifically for Windows Virtual Desktop (WVD) in Azure.

I have used the following CPL configuration and it seems to do the job although we are seeing some issues....

Rewrite URL to HTTPS for all hosts in the *.wvd.microsoft.com domain
define action Azure-WVD-Rewrite
rewrite(url, "^http://(.*)\.wvd\.microsoft\.com/(.*)", https://$(1).wvd.microsoft.com/$(2)")
end

<proxy>
url.regex="^http://(.*)\.wvd\.microsoft\.com/(.*)" action.Azure-WVD-Rewrite(yes)

This works fine for the host element of the URL. I can see in the policy trace that all hosts are being rewritten to to HTTPS and connects fine initially. 

The problem comes with the URI path. When you connect to the virtual desktop I can see in the policy trace that the rewritten URL is different to the URL that comes into the proxy. It seems to change certain characters such as '{'' or '+' with a %7A or %7B

Incoming URL: http://rdweb.wvd.microsoft.com/client?=abcdefgh{abc-123-asd}xyz+123456
Rewittent URL: https://rdweb.wvd.microsoft.com/client?=abcdefgh%7Aabc-123-asd%7Bxyz%7A123456

This results in a failure to launch any desktops and I cannot understand why.

Any help would be appreciated.

Thanks
John

Hello Josh, 

Thank you for providing the examples and some details, but without know more details i would like to recommend this code instead of what you have and perhaps it will address the issue at hand, i have modded it to your cause, copy and paste as is:
Replace what you have with the this bellow.

;=============Begin Azure-WVD-Rewrites==============
<proxy>
url.substring="wvd.microsoft.com" url.scheme=http action.Azure-WVD-Rewrites(yes)

define action Azure-WVD-Rewrites
redirect(302, "http://(.*)", "https://$(1)" );
end
;=============END Azure-WVD-Rewrites==============

I hope this helps.

SLava V

Original Message:
Sent: 06-24-2020 05:24 AM
From: John Quick
Subject: Wildcard HTTP to HTTPS Rewrite

Hi All,

i need some help with the rewriting of a wildcard domain and I am hoping someone on here can help me!

Without the need of going into too much detail, we need to be able to rewrite from HTTP to HTTPS for an entire Microsoft domain, specifically for Windows Virtual Desktop (WVD) in Azure.

I have used the following CPL configuration and it seems to do the job although we are seeing some issues....

Rewrite URL to HTTPS for all hosts in the *.wvd.microsoft.com domaindefine action Azure-WVD-Rewriterewrite(url, "^http://(.*)\.wvd\.microsoft\.com/(.*)", https://$(1).wvd.microsoft.com/$(2)")end<proxy>url.regex="^http://(.*)\.wvd\.microsoft\.com/(.*)" action.Azure-WVD-Rewrite(yes)

This works fine for the host element of the URL. I can see in the policy trace that all hosts are being rewritten to to HTTPS and connects fine initially.

The problem comes with the URI path. When you connect to the virtual desktop I can see in the policy trace that the rewritten URL is different to the URL that comes into the proxy. It seems to change certain characters such as '{'' or '+' with a %7A or %7B

Incoming URL: http://rdweb.wvd.microsoft.com/client?=abcdefgh{abc-123-asd}xyz+123456
Rewittent URL: https://rdweb.wvd.microsoft.com/client?=abcdefgh%7Aabc-123-asd%7Bxyz%7A123456

This results in a failure to launch any desktops and I cannot understand why.

Any help would be appreciated.

Thanks
John