homepage Welcome to WebmasterWorld Guest from 54.204.94.228
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
Modify body data
body
dfresh4130




msg:4662199
 12:54 am on Apr 11, 2014 (gmt 0)

I've been tasked with investigating a way for us to modify the response data our applications are serving up. Essentially content authors are using HTTP links inside the response body on HTTPS connections. The customers don't like that and the developers are saying they can't control the authors (marketing, communications teams, etc.) to enforce these rules. We're looking at options to have apache change all links in the response body to HTTPS based upon a specific cookie or other criteria. I'm aware of mod_substitute and plan on testing that to see what the real performance hit would be. I've also heard a web application firewall can possibly do those functions so I'm looking into mod_security as well. Does anyone else have experience with modifying the response body data? Good or bad doesn't matter. We're also investigating implementing this another layer up with the F5 via an irule. Thanks

 

dfresh4130




msg:4663350
 8:39 pm on Apr 15, 2014 (gmt 0)

So it seems mod_substitute is all or nothing. I'm only trying to match based upon a cookie or other unique criteria. It seems mod_filter may work as well, but I'm having trouble understanding what it can really match on. The documentation says:

mod_filter by contrast gives server administrators a great deal of flexibility in configuring the filter chain. In fact, filters can be inserted based on any Request Header, Response Header or Environment Variable. This generalises the limited flexibility offered by AddOutputFilterByType, and fixes it to work correctly with dynamic content, regardless of the content generator. The ability to dispatch based on Environment Variables offers the full flexibility of configuration with mod_rewrite to anyone who needs it.


Would I just use the same options as mod_rewrite like %{HTTP_COOKIE}?

lucy24




msg:4663383
 1:20 am on Apr 16, 2014 (gmt 0)

Yikes, how did the initial question go unanswered all this time? Answer: Because it requires someone who speaks Apache. If it were simply a matter of whipping up a Regular Expression, there would be no problems ;)

tangor




msg:4663389
 5:34 am on Apr 16, 2014 (gmt 0)

Just trying to get my head around this:

Essentially content authors are using HTTP links inside the response body on HTTPS connections.


And you want to do what...? Change these to HTTPS?

dfresh4130




msg:4663396
 7:14 am on Apr 16, 2014 (gmt 0)

Yes, they want all HTTP links in the body changed to HTTPS for users with specific cookies.

dfresh4130




msg:4666616
 11:27 pm on Apr 28, 2014 (gmt 0)

I'm still banging my head on this and came across mod_parp [parp.sourceforge.net ]. It says it can parse request data and pass the parameters to other modules. Looks straight forward to enable, but actually getting the data appears to require some decent coding skills. Support for this mod is pretty much non-existant which probably gives me a hint as to how useful it really is. Anyone here ever tried using it before or any suggestions? I'm thinking I could use it to help get cookie info passed onto mod_substitute.

lucy24




msg:4666642
 2:55 am on Apr 29, 2014 (gmt 0)

Can't help but wonder if this really has to be done in apache. Seems like it would be a lot more painless if you could shift it somewhere upstream, into whatever language it is that processes your content in the first place.

phranque




msg:4666694
 7:47 am on Apr 29, 2014 (gmt 0)

why not just externally redirect the http: requests to https: under the required conditions.

dfresh4130




msg:4666936
 4:41 pm on Apr 29, 2014 (gmt 0)

I agree with both of you completely, but customers are the ones complaining because they don't want any HTTP links inside the content being sent to them. The dev team has one option upstream, but it doesn't cover all content so that's why they'd like it done on apache since it's the last leg in the chain.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved