Netscaler: URLTransform to vserver

Question

I found this example for using netscaler to rewrite requests to an internal server on a specific port.

set transform action trans_action_RSA_SS -priority 1000 -reqUrlFrom "https://rsa.domain.public" -reqUrlInto “https://rsa.domain.local:7004″ -resUrlFrom "https://rsa.domain.local:7004″ -resUrlInto "https://rsa.domain.public"

I'd like to expand on the example to point the local destination at a vserver.

Assume my vserver is called INTERNALVSERVER and also assume that it is configured as a load balancer in front of 3 nodes (I suspect the specifics of that are irrelevant to this situation).

I just want to ensure that my urltransform applies to my vserver properly. Conceptually I'm going for something like this:

set transform action trans_action_RSA_SS -priority 1000 -reqUrlFrom "https://rsa.domain.public" -reqUrlInto “https://INTERNALVSERVER:7004″ -resUrlFrom "https://INTERNALVSERVER:7004″ -resUrlInto "https://rsa.domain.public"

score 0 · Answer 1 · answered May 18 '15 at 01:17

Apparently the example would work as advertised as long as https://rsa.domain.local points at a vserver/service group. So there's no need to change anything in the rules, just make sure "rsa.domain.local" or the equivalent for your setup is pointing to the right place.

score 0 · Answer 2 · answered Jul 11 '16 at 04:45

Although above solution would work, from web-server's security perspective it's not good idea to do direct URL transformation of external URL to internal as it would make your internal web server vulnerable to denial of service attack. Also, if your web-admin has not secure web-server, SQL-injection would create big enough of problems for you.

Instead, I would suggest you to do LB and responders to pick/channel valid URL traffic and discard all other web-traffic.

Netscaler: URLTransform to vserver

2 Answers2