Modify body data

Forum Moderators: phranque

Message Too Old, No Replies

Modify body data

body

dfresh4130

12:54 am on Apr 11, 2014 (gmt 0)

I've been tasked with investigating a way for us to modify the response data our applications are serving up. Essentially content authors are using HTTP links inside the response body on HTTPS connections. The customers don't like that and the developers are saying they can't control the authors (marketing, communications teams, etc.) to enforce these rules. We're looking at options to have apache change all links in the response body to HTTPS based upon a specific cookie or other criteria. I'm aware of mod_substitute and plan on testing that to see what the real performance hit would be. I've also heard a web application firewall can possibly do those functions so I'm looking into mod_security as well. Does anyone else have experience with modifying the response body data? Good or bad doesn't matter. We're also investigating implementing this another layer up with the F5 via an irule. Thanks

dfresh4130

8:39 pm on Apr 15, 2014 (gmt 0)

So it seems mod_substitute is all or nothing. I'm only trying to match based upon a cookie or other unique criteria. It seems mod_filter may work as well, but I'm having trouble understanding what it can really match on. The documentation says:

mod_filter by contrast gives server administrators a great deal of flexibility in configuring the filter chain. In fact, filters can be inserted based on any Request Header, Response Header or Environment Variable. This generalises the limited flexibility offered by AddOutputFilterByType, and fixes it to work correctly with dynamic content, regardless of the content generator. The ability to dispatch based on Environment Variables offers the full flexibility of configuration with mod_rewrite to anyone who needs it.

Would I just use the same options as mod_rewrite like %{HTTP_COOKIE}?

lucy24

1:20 am on Apr 16, 2014 (gmt 0)

Yikes, how did the initial question go unanswered all this time? Answer: Because it requires someone who speaks Apache. If it were simply a matter of whipping up a Regular Expression, there would be no problems ;)

tangor

5:34 am on Apr 16, 2014 (gmt 0)

Just trying to get my head around this:

Essentially content authors are using HTTP links inside the response body on HTTPS connections.

And you want to do what...? Change these to HTTPS?

dfresh4130

7:14 am on Apr 16, 2014 (gmt 0)

Yes, they want all HTTP links in the body changed to HTTPS for users with specific cookies.

dfresh4130

11:27 pm on Apr 28, 2014 (gmt 0)

I'm still banging my head on this and came across mod_parp [parp.sourceforge.net ]. It says it can parse request data and pass the parameters to other modules. Looks straight forward to enable, but actually getting the data appears to require some decent coding skills. Support for this mod is pretty much non-existant which probably gives me a hint as to how useful it really is. Anyone here ever tried using it before or any suggestions? I'm thinking I could use it to help get cookie info passed onto mod_substitute.

lucy24

2:55 am on Apr 29, 2014 (gmt 0)

Can't help but wonder if this really has to be done in apache. Seems like it would be a lot more painless if you could shift it somewhere upstream, into whatever language it is that processes your content in the first place.

phranque

7:47 am on Apr 29, 2014 (gmt 0)

why not just externally redirect the http: requests to https: under the required conditions.

dfresh4130

4:41 pm on Apr 29, 2014 (gmt 0)

I agree with both of you completely, but customers are the ones complaining because they don't want any HTTP links inside the content being sent to them. The dev team has one option upstream, but it doesn't cover all content so that's why they'd like it done on apache since it's the last leg in the chain.

Modify body data

body

dfresh4130

dfresh4130

lucy24

tangor

dfresh4130

dfresh4130

lucy24

phranque

dfresh4130

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week