Rewrite Policy for Converting HTTP Links to HTTPS Does Not Work on NetScaler

Rewrite Policy for Converting HTTP Links to HTTPS Does Not Work on NetScaler

book

Article ID: CTX122916

calendar_today

Updated On:

Description

The rewrite policy for converting HTTP links to HTTPS does not work.

The following is an example of the action:
add rewrite action test_action replace_all "http.RES.BODY(2500)" "\"https://\"" -pattern http://

Resolution

Complete the following steps to resolve this issue:

  1. Delete the Accept-Encoding header by adding a rewrite action and policy:
    add rewrite action delete1 delete_http_header "Accept-Encoding" -bypassSafetyCheck YES
    add rewrite policy test HTTP.REQ.IS_VALID delete1

  2. Bind it globally or at the virtual server level.

A rewrite policy ensures that accept-encoding header is deleted for all requests that meets the specific criteria.

Problem Cause

The trace analysis revealed that the back end server was sending compressed responses. The NetScaler cannot rewrite if there are compressed responses from the back end server.

Issue/Introduction

The rewrite policy for converting HTTP links to HTTPS does not work.

Additional Information

Troubleshooting Methodology

  1. The trace analysis revealed that the back end server was sending compressed responses. The NetScaler cannot rewrite if there are compressed responses from the back end server.

  2. For compressed responses the solution is to turn off compression on the back end and turn it on at the NetScaler. Compression can be turned off at the back end by making sure the Accept-Encoding header is not sent to the back end server when the request is forwarded to the NetScaler. However turning Off servercmp parameter did not fix the problem:

  3. To stop the back end server from sending compressed responses, it is recommended to delete the Accept-Encoding header by turning off the servercmp parameter.
    set cmp parameter -serverCmp OFF

  4. Despite turning the servercmp parameter off, there was compressed responses from the back end server and rewrite was not working. In the traces, it is observed that the Accept-Encoding header is still going to the back end because the Content-Encoding: gzip header was still being received in the responses from the back end. The reason why the serverCmp parameter did not work is because the compression was not enabled on those services. The only time the servercmp parameter kicks in is if compression is active on that particular service and NetScaler thinks it can compress the object, then it removes the accept-encoding header. So even for the default no compress policies, we do not delete the accept-Encoding header even if compression is enabled on the service.

  5. A rewrite policy to delete the accept-encoding header is a better solution than turning off the servercmp parameter because there are still other situations when the NetScaler does not delete the accept-encoding header even if compression is enabled.

Powered by Wolken Software