3.2.2. Procedure – Using sed in one-sided HTTPS

Purpose: 

If a server application does not support secure connections, or uses absolute links and this behavior cannot be modified, Application-level Gateway can change the URLs in the traffic. This can be accomplished by stacking a sed (stream editor) Linux command (or if needed, a complete shell script) into the proxy.

Steps: 

  1. Navigate to Application-level Gateway > Proxies, and select the HTTP proxy configured to handle one-sided SSL connections, or create a new one (for example, HttpSedProxy).

  2. Add self.response_stack attribute to the Changed config attributes panel, then click Edit. (You need the self.response_stack attribute, because the response of the server has to be changed.)

  3. Click New, then enter *.

  4. Select the Type column, then select type_http_stk_data.

  5. Click Edit, select the row containing zorp_stack, then click Edit again.

  6. Select Stacking type > Program, and enter the command to be executed: sed -e 's|http://|https://|g'

    For details on the sed command, see the sed manual pages.

    Note

    The example sed command modifies all absolute links that appear in the traffic, that is, even links pointing to an external site will be modified. If possible, use at least the full domain name of the server in the sed command to avoid this problem (for example, sed -e 's|http://www.example.com/|https://www.example.com|g'). Be as specific as possible.

    Python:

    self.response_stack["*"]=(HTTP_STK_DATA, (Z_STACK_PROGRAM, "sed -e 's|http://|https://|g'"))
  7. Create a service that will use this new proxy (for example, HttpSedProxy).