Welcome to WebmasterWorld Guest from 54.167.216.93

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

Modify body data

body

     
12:54 am on Apr 11, 2014 (gmt 0)

5+ Year Member



I've been tasked with investigating a way for us to modify the response data our applications are serving up. Essentially content authors are using HTTP links inside the response body on HTTPS connections. The customers don't like that and the developers are saying they can't control the authors (marketing, communications teams, etc.) to enforce these rules. We're looking at options to have apache change all links in the response body to HTTPS based upon a specific cookie or other criteria. I'm aware of mod_substitute and plan on testing that to see what the real performance hit would be. I've also heard a web application firewall can possibly do those functions so I'm looking into mod_security as well. Does anyone else have experience with modifying the response body data? Good or bad doesn't matter. We're also investigating implementing this another layer up with the F5 via an irule. Thanks
8:39 pm on Apr 15, 2014 (gmt 0)

5+ Year Member



So it seems mod_substitute is all or nothing. I'm only trying to match based upon a cookie or other unique criteria. It seems mod_filter may work as well, but I'm having trouble understanding what it can really match on. The documentation says:

mod_filter by contrast gives server administrators a great deal of flexibility in configuring the filter chain. In fact, filters can be inserted based on any Request Header, Response Header or Environment Variable. This generalises the limited flexibility offered by AddOutputFilterByType, and fixes it to work correctly with dynamic content, regardless of the content generator. The ability to dispatch based on Environment Variables offers the full flexibility of configuration with mod_rewrite to anyone who needs it.


Would I just use the same options as mod_rewrite like %{HTTP_COOKIE}?
1:20 am on Apr 16, 2014 (gmt 0)

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



Yikes, how did the initial question go unanswered all this time? Answer: Because it requires someone who speaks Apache. If it were simply a matter of whipping up a Regular Expression, there would be no problems ;)
5:34 am on Apr 16, 2014 (gmt 0)

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



Just trying to get my head around this:

Essentially content authors are using HTTP links inside the response body on HTTPS connections.


And you want to do what...? Change these to HTTPS?
7:14 am on Apr 16, 2014 (gmt 0)

5+ Year Member



Yes, they want all HTTP links in the body changed to HTTPS for users with specific cookies.
11:27 pm on Apr 28, 2014 (gmt 0)

5+ Year Member



I'm still banging my head on this and came across mod_parp [parp.sourceforge.net ]. It says it can parse request data and pass the parameters to other modules. Looks straight forward to enable, but actually getting the data appears to require some decent coding skills. Support for this mod is pretty much non-existant which probably gives me a hint as to how useful it really is. Anyone here ever tried using it before or any suggestions? I'm thinking I could use it to help get cookie info passed onto mod_substitute.
2:55 am on Apr 29, 2014 (gmt 0)

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



Can't help but wonder if this really has to be done in apache. Seems like it would be a lot more painless if you could shift it somewhere upstream, into whatever language it is that processes your content in the first place.
7:47 am on Apr 29, 2014 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



why not just externally redirect the http: requests to https: under the required conditions.
4:41 pm on Apr 29, 2014 (gmt 0)

5+ Year Member



I agree with both of you completely, but customers are the ones complaining because they don't want any HTTP links inside the content being sent to them. The dev team has one option upstream, but it doesn't cover all content so that's why they'd like it done on apache since it's the last leg in the chain.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month