flightPATH

The Library — flightPATH page allows you to view and update the flightPATH rules on the jetNEXUS ALB-X. The settings are organised in the following sections:


What is flightPATH?

flightPATH is a rule engine developed by edgeNEXUS to intelligently manipulate and route HTTP and HTTPS traffic. It is highly configurable, very powerful and yet very easy to use.

Although some components of flightPATH are IP objects, such as Source IP, flightPATH can only be applied to a Service Type equal to HTTP. If you choose any other service type then the flightPATH tab in IP Services will be blank.

A flightPATH rule has three components:

  • Condition: Set multiple criteria to trigger the rule.
  • Evaluation: Variables that can be used in the Action.
  • Action: The behaviour once the rule has triggered.

What can flightPATH do?

  • flightPATH can be used to modify incoming and outgoing HTTP(S) content and requests.
  • As well as simple string matches such as “Starts with” and “Ends With”, powerful Perl Compatible Regular Expressions can be used for more complete control.
  • For more on Regular Expressions please see this useful site: https://www.regexbuddy.com/regex.html
  • In addition, custom variables can be created and used in the Action, enabling many different possibilities.

Details

The Details section contains the name and description of all of the flightPATH rules configured on the ALB-X. As you click on a rule, the details of the rule will show in the section below.

To add a new flightPATH rule, click Add New and give your rule a Name and Description, then click Update to save this section.
Condition

  • New conditions can be added by clicking the Add New button.
  • Multiple conditions can be used but ALL must be met for the rule to execute.
  • To use an OR you would need to create an additional flightPATH rule and apply this in IP Services.
  • Each condition contains three elements, plus a value where the condition requires one.

Condition:

Select from the drop down list. You can start typing and the option will auto-show; you can then select with the arrow keys and tab to the next column.

Match:

Select from the drop down list or type your match. Depending on the Condition, the Match may be blank. For example, if the Condition is Request Header the Match might be User-Agent.

Sense:

Select from the drop down list. There are only two options: Does and Doesn’t.

Check:

Select from the drop down list. For a simple check use something like Start, End or Contain. If you wish to have more than one Check in the same line then please use Match RegEx. Example: Check = Match RegEx, Value = item1|item2|item3

Note: Match RegEx uses Perl Compatible Regular Expressions (PCRE). More information can be found at https://www.regexbuddy.com/

Value:

Manually type the value. This may be a text string or a regular expression.

Condition, Description, Example:

  • <form>: HTML forms are used to pass data to a server. Example: “form doesn’t have length 0”
  • GEO Location: This compares the source IP address to the ISO 3166 Country Code. Example: GEO Location does equal GB OR GEO Location does equal Germany
  • Host: This is the host extracted from the URL. Example: www.mywebsite.com or 192.168.1.1
  • Language: This is the language extracted from the language HTTP header. Example: This condition will produce a dropdown with a list of languages
  • Method: This is a drop down of HTTP methods. Example: This is a drop down that includes GET, POST etc
  • Origin IP: If the upstream proxy supports X-Forwarded-For (XFF) it will use the true Origin address. Example: Client IP. Can also use multiple IPs or subnets. 10\.1\.2\.* is 10.1.2.0 /24 subnet; 10\.1\.2\.3|10\.1\.2\.4 Use | for multiple IPs
  • Path: This is the path of the website. Example: /mywebsite/index.asp
  • POST: POST request method. Example: Check data being uploaded to a website
  • Query: This is the name and value of a query; as such it can accept either the query name or a value as well. Example: “Best=jetNEXUS” Where the Match is Best and the Value is edgeNEXUS
  • Query String: The whole query string after the ? character
  • Request Cookie: This is the name of a cookie requested by a client. Example: MS-WSMAN=afYfn1CDqqCDqUD::
  • Request Header: This can be any HTTP header. Example: Referrer, User-Agent, From, Date
  • Request Version: This is the HTTP version. Example: HTTP/1.0 OR HTTP/1.1
  • Response Body: A user defined string in the response body. Example: Server UP
  • Response Code: The HTTP code for the response. Example: 200 OK, 304 Not Modified
  • Response Cookie: This is the name of a cookie sent by the server. Example: MS-WSMAN=afYfn1CDqqCDqUD::
  • Response Header: This can be any HTTP header. Example: Referrer, User-Agent, From, Date
  • Response Version: The HTTP version sent by the server. Example: HTTP/1.0 OR HTTP/1.1
  • Source IP: This is either the origin IP, proxy server IP or some other aggregated IP address. Example: Client IP, Proxy IP, Firewall IP. Can also use multiple IPs and subnets. You must escape the dots as these are RegEx. Example 10\.1\.2\.3 is 10.1.2.3

Match, Description, Example:

  • Accept: Content-Types that are acceptable. Example: Accept: text/plain
  • Accept-Encoding: Acceptable encodings. Example: Accept-Encoding: <compress | gzip | deflate | sdch | identity>
  • Accept-Language: Acceptable languages for response. Example: Accept-Language: en-US
  • Accept-Ranges: What partial content range types this server supports. Example: Accept-Ranges: bytes
  • Authorization: Authentication credentials for HTTP authentication. Example: Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
  • Charge-To: Contains account information for the costs of the application of the method requested
  • Content-Encoding: The type of encoding used on the data. Example: Content-Encoding: gzip
  • Content-Length: The length of the response body in octets (8-bit bytes). Example: Content-Length: 348
  • Content-Type: The MIME type of the body of the request (used with POST and PUT requests). Example: Content-Type: application/x-www-form-urlencoded
  • Cookie: An HTTP cookie previously sent by the server with Set-Cookie (below). Example: Cookie: $Version=1; Skin=new;
  • Date: Date and time at which the message was originated. Example: Date = “Date” “:” HTTP-date
  • ETag: An identifier for a specific version of a resource, often a message digest. Example: ETag: “aed6bdb8e090cd1:0”
  • From: The email address of the user making the request. Example: From: user@example.com
  • If-Modified-Since: Allows a 304 Not Modified to be returned if content is unchanged. Example: If-Modified-Since: Sat, 29 Oct 1994 19:43:31 GMT
  • Last-Modified: The last modified date for the requested object, in RFC 2822 format. Example: Last-Modified: Tue, 15 Nov 1994 12:45:26 GMT
  • Pragma: Implementation-specific headers that may have various effects anywhere along the request-response chain. Example: Pragma: no-cache
  • Referrer: This is the address of the previous web page from which a link to the currently requested page was followed. Example: Referrer: http://www.edgenexus.io
  • Server: A name for the server. Example: Server: Apache/2.4.1 (Unix)
  • Set-Cookie: An HTTP cookie. Example: Set-Cookie: UserID=JohnDoe; Max-Age=3600; Version=1
  • User-Agent: The user agent string of the user agent. Example: User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
  • Vary: Tells downstream proxies how to match future request headers to decide whether the cached response can be used rather than requesting a fresh one from the origin server. Example: Vary: User-Agent
  • X-Powered-By: Specifies the technology (e.g. ASP.NET, PHP, JBoss) supporting the web application. Example: X-Powered-By: PHP/5.4.0

Check, Description, Example:

  • Exist: This does not care for the detail of the condition, just that it does/doesn’t exist. Example: Host — Does — Exist
  • Start: The string starts with the Value. Example: Path — Does — Start — /secure
  • End: The string ends with the Value. Example: Path — Does — End — .jpg
  • Contain: The string does contain the Value. Example: Request Header — Accept — Does — Contain — image
  • Equal: The string does equal the Value. Example: Host — Does — Equal — www.jetnexus.com
  • Have Length: The string does have a length of the Value. Example: Host — Does — Have Length — 16 (www.jetnexus.com = TRUE, www.jetnexus.co.uk = FALSE)
  • Match RegEx: This enables you to enter a full Perl compatible regular expression. Example: Origin IP — Does — Match Regex — 10\..* | 11\..*
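The following is an added example, not code from the original page or from edgeNEXUS. It audits the IP patterns quoted in the Condition and Check tables against the networks they are meant to describe, assuming that Match RegEx performs an unanchored search and treats spaces literally (both are assumptions); Python's re module stands in for PCRE, and the candidate addresses and anchored rewrites are constructed.

```python
import ipaddress
import re

# Constructed sample addresses (not from the page).
CANDIDATES = ["10.1.2.3", "10.1.2.34", "10.1.2.200", "110.1.2.3",
              "10.1.20.7", "210.1.2.40", "11.9.9.9", "192.168.1.1"]

# (pattern as written on the page, anchored rewrite added here, intended networks)
CASES = [
    (r"10\.1\.2\.3", r"^10\.1\.2\.3$", ["10.1.2.3/32"]),
    (r"10\.1\.2\.*", r"^10\.1\.2\.[0-9]{1,3}$", ["10.1.2.0/24"]),
    (r"10\.1\.2\.3|10\.1\.2\.4", r"^10\.1\.2\.[34]$",
     ["10.1.2.3/32", "10.1.2.4/32"]),
    (r"10\..* | 11\..*", r"^1[01]\.", ["10.0.0.0/8", "11.0.0.0/8"]),
]


def audit(pattern, intended, candidates):
    """Compare a regex with the networks it is supposed to describe.

    Returns (extra, missed): addresses the pattern matches although they are
    outside every intended network, and addresses inside an intended network
    that the pattern fails to match.
    """
    nets = [ipaddress.ip_network(n) for n in intended]
    extra, missed = [], []
    for ip in candidates:
        inside = any(ipaddress.ip_address(ip) in n for n in nets)
        # Assumption: the rule engine searches anywhere in the string.
        hit = re.search(pattern, ip) is not None
        if hit and not inside:
            extra.append(ip)
        elif inside and not hit:
            missed.append(ip)
    return extra, missed


def report():
    """Audit every page pattern and its anchored rewrite."""
    return [(page, audit(page, nets, CANDIDATES),
             fixed, audit(fixed, nets, CANDIDATES))
            for page, fixed, nets in CASES]


if __name__ == "__main__":
    for page, page_result, fixed, fixed_result in report():
        print(f"{page!r:32} extra/missed = {page_result}")
        print(f"{fixed!r:32} extra/missed = {fixed_result}")
```

Under these assumptions the unanchored patterns also match addresses such as 110.1.2.3, and the spaced alternation matches no bare address at all, so block or allow rules built on Source IP or Origin IP are safer with ^ and $ anchors and no spaces around |.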

 

Example:

  • The example below has two conditions and BOTH must be met to carry out the action
  • The first is checking that the requested object is an image
  • The second is checking for a specific hostname

 

 

Evaluation

 

 

Adding a Variable is a very powerful feature that allows you to extract data from the request and include it in the actions. For example, you could log a user's username or send an email if there is a security problem.

  • Variable: This must start and end with a $ symbol
  • Source: Select from the drop down box the source of the variable
  • Detail: Select from the list when relevant. If the Source=Request Header the Details could be User-Agent
  • Value: Enter the text or regular expression to fine tune the variable.

Built-in Variables:

  • Built-in variables have already been hard coded, so you do not need to create an evaluation entry for these.
  • You can use any of the variables listed below in your action.
  • The explanation for each variable is located in the “Condition” table above.
    1. Method = $method$
    2. Path = $path$
    3. Querystring = $querystring$
    4. Sourceip = $sourceip$
    5. Response code (text also included “200 OK”) = $resp$
    6. Host = $host$
    7. Version = $version$
    8. Clientport = $clientport$
    9. Clientip = $clientip$
    10. Geolocation = $geolocation$

Example Action:

  1. Action = Redirect 302
    • Target = https://$host$/404.html
  2. Action = Log
    1. Target = A client from $sourceip$:$sourceport$ has just made a request $path$ page

Explanation:

  • A client accessing a page that does not exist would ordinarily be presented with the browser's 404 page
  • In this instance the user is redirected to the original hostname they used, but the wrong path is replaced with 404.html
  • An entry is added to the syslog saying “A client from 154.3.22.14:3454 has just made a request to wrong.html page”

Source, Description, Example:

  • Cookie: This is the name and value of the cookie header. Example: MS-WSMAN=afYfn1CDqqCDqUD:: Where the name is MS-WSMAN and the value is afYfn1CDqqCDqUD::
  • Host: This is the hostname extracted from the URL. Example: www.mywebsite.com or 192.168.1.1
  • Language: This is the language extracted from the Language HTTP header. Example: This condition will produce a dropdown with a list of languages.
  • Method: This is a drop down of HTTP methods. Example: The dropdown will include GET, POST
  • Path: This is the path of the website. Example: /mywebsite/index.html
  • POST: POST request method. Example: Check data being uploaded to a website
  • Query Item: This is the name and value of a query. As such it can accept either the query name or a value as well. Example: “Best=jetNEXUS” Where the Match is Best and the Value is edgeNEXUS
  • Query String: This is the whole string after the ? character. Example: http://server/path/program?query_string
  • Request Header: This can be any header sent by the client. Example: Referrer, User-Agent, From, Date…
  • Response Header: This can be any header sent by the server. Example: Referrer, User-Agent, From, Date…
  • Version: This is the HTTP version. Example: HTTP/1.0 or HTTP/1.1

Detail, Description, Example:

  • Accept: Content-Types that are acceptable. Example: Accept: text/plain
  • Accept-Encoding: Acceptable encodings. Example: Accept-Encoding: <compress | gzip | deflate | sdch | identity>
  • Accept-Language: Acceptable languages for response. Example: Accept-Language: en-US
  • Accept-Ranges: What partial content range types this server supports. Example: Accept-Ranges: bytes
  • Authorization: Authentication credentials for HTTP authentication. Example: Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
  • Charge-To: Contains account information for the costs of the application of the method requested
  • Content-Encoding: The type of encoding used on the data. Example: Content-Encoding: gzip
  • Content-Length: The length of the response body in octets (8-bit bytes). Example: Content-Length: 348
  • Content-Type: The MIME type of the body of the request (used with POST and PUT requests). Example: Content-Type: application/x-www-form-urlencoded
  • Cookie: An HTTP cookie previously sent by the server with Set-Cookie (below). Example: Cookie: $Version=1; Skin=new;
  • Date: Date and time at which the message was originated. Example: Date = “Date” “:” HTTP-date
  • ETag: An identifier for a specific version of a resource, often a message digest. Example: ETag: “aed6bdb8e090cd1:0”
  • From: The email address of the user making the request. Example: From: user@example.com
  • If-Modified-Since: Allows a 304 Not Modified to be returned if content is unchanged. Example: If-Modified-Since: Sat, 29 Oct 1994 19:43:31 GMT
  • Last-Modified: The last modified date for the requested object, in RFC 2822 format. Example: Last-Modified: Tue, 15 Nov 1994 12:45:26 GMT
  • Pragma: Implementation-specific headers that may have various effects anywhere along the request-response chain. Example: Pragma: no-cache
  • Referrer: This is the address of the previous web page from which a link to the currently requested page was followed. Example: Referrer: http://www.edgenexus.io
  • Server: A name for the server. Example: Server: Apache/2.4.1 (Unix)
  • Set-Cookie: An HTTP cookie. Example: Set-Cookie: UserID=JohnDoe; Max-Age=3600; Version=1
  • User-Agent: The user agent string of the user agent. Example: User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
  • Vary: Tells downstream proxies how to match future request headers to decide whether the cached response can be used rather than requesting a fresh one from the origin server. Example: Vary: User-Agent
  • X-Powered-By: Specifies the technology (e.g. ASP.NET, PHP, JBoss) supporting the web application. Example: X-Powered-By: PHP/5.4.0

Action

The action is the task or tasks that are carried out once the condition or conditions have been met.

Action:

Double click on the Action column to view the drop down list.

Target:

Double click on the Target column to view the drop down list. The list will change depending on the Action. You may also type manually with some actions.

Data:

Double click on the Data column to manually enter the data that you wish to add or replace.

All of the actions are detailed below:

Action, Description, Example:

  • Add Request Cookie: Add request cookie detailed in the Target section with value in Data section. Example: Target= Cookie; Data= MS-WSMAN=afYfn1CDqqCDqCVii
  • Add Request Header: Add a request header of Target type with value in Data section. Example: Target= Accept; Data= image/png
  • Add Response Cookie: Add Response Cookie detailed in the Target section with value in Data section. Example: Target= Cookie; Data= MS-WSMAN=afYfn1CDqqCDqCVii
  • Add Response Header: Add request header detailed in the Target section with value in the Data section. Example: Target= Cache-Control; Data= max-age=8888888
  • Body Replace All: Search the Response Body and replace all instances. Example: Target= http:// (Search string); Data= https:// (Replacement string)
  • Body Replace First: Search the Response Body and replace first instance only. Example: Target= http:// (Search string); Data= https:// (Replacement string)
  • Body Replace Last: Search the Response Body and replace last instance only. Example: Target= http:// (Search string); Data= https:// (Replacement string)
  • Drop: This will drop the connection. Example: Target= N/A; Data= N/A
  • e-Mail: Will send an email to the address configured in Email Events. You can use a variable as the address or the message. Example: Target= “flightPATH has emailed this event”; Data= N/A
  • Log Event: This will log an event to the System log. Example: Target= “flightPATH has logged this in syslog”; Data= N/A
  • Redirect 301: This will issue a permanent redirect. Example: Target= http://www.edgenexus.io; Data= N/A
  • Redirect 302: This will issue a temporary redirect. Example: Target= http://www.edgenexus.io; Data= N/A
  • Remove Request Cookie: Remove request cookie detailed in the Target section. Example: Target= Cookie; Data= MS-WSMAN=afYfn1CDqqCDqCVii
  • Remove Request Header: Remove request header detailed in the Target section. Example: Target=Server; Data=N/A
  • Remove Response Cookie: Remove response cookie detailed in the Target section. Example: Target=jnAccel
  • Remove Response Header: Remove the response header detailed in Target section. Example: Target= Etag; Data= N/A
  • Replace Request Cookie: Replace request cookie detailed in the Target section with value in the Data section. Example: Target= Cookie; Data= MS-WSMAN=afYfn1CDqqCDqCVii
  • Replace Request Header: Replace request header in the Target with Data value. Example: Target= Connection; Data= keep-alive
  • Replace Response Cookie: Replace the response cookie detailed in Target section with value in Data section. Example: Target=jnAccel=afYfn1CDqqCDqCVii; Data=MS-WSMAN=afYfn1CDqqCDqCVii
  • Replace Response Header: Replace the response header detailed in Target section with value in Data section. Example: Target= Server; Data= Withheld for Security
  • Rewrite Path: This will allow you to redirect the request to new URL based on the condition. Example: Target= /test/path/index.html$querystring$; Data= N/A
  • Use Secure Server: Select which secure server or virtual service to use. Example: Target=192.168.101:443; Data=N/A
  • Use Server: Select which server or virtual service to use. Example: Target= 192.168.101:80; Data= N/A
  • Encrypt Cookie: This will 3DES encrypt cookies and then base64 encode them. Example: Target= Enter the cookie name to be encrypted, you may use the * as a wild card at the end; Data= Enter a pass phrase for the encryption

Example:

The action below will issue a temporary redirect to the browser to a secure HTTPS Virtual Service. It will use the same hostname, path and querystring as the request.

Common Uses:

Application Firewall and Security:

  • Block unwanted IPs
  • Force user to HTTPS for specific (or all) content
  • Block or redirect spiders
  • Prevent and alert cross site scripting
  • Prevent and alert SQL injection
  • Hide internal directory structure
  • Rewrite cookies
  • Secure directory for particular users

Features:

  • Redirect users based on path
  • Provide Single sign on across multiple systems
  • Segment users based on User ID or Cookie
  • Add headers for SSL offload
  • Language detection
  • Rewrite user request
  • Fix broken URLs
  • Log and Email Alert 404 response codes
  • Prevent directory access/ browsing
  • Send spiders different content

 

 

Pre-Built Rules:

1. HTML Extension:

Changes all .htm requests to .html

Condition:
  • Condition = Path
  • Sense = Does
  • Check = Match RegEx
  • Value = \.htm$
Evaluation:
  • Blank
Action:
  • Action = Rewrite Path
  • Target = $path$l

 


2. Index.html:

Force to use index.html in requests to folders.

 

Condition: this condition is a general condition that will match most objects
  • Condition = Host
  • Sense = Does
  • Check = Exist
Evaluation:
  • Blank
Action:
  • Action = Redirect 302
  • Target = http://$host$$path$index.html$querystring$


3. Close Folders:

Deny requests to folders.

 

Condition: this condition is a general condition that will match most objects
  • Condition = this need proper thought
  • Sense =
  • Check =
Evaluation:
  • Blank
Action:
  • Action =
  • Target =


4. Hide CGI-BIN:

Hides cgi-bin catalogue in requests to CGI scripts.

 

Condition: this condition is a general condition that will match most objects
  • Condition = Host
  • Sense = Does
  • Check = Match RegEX
  • Value = \.cgi$
Evaluation:
  • Blank
Action:
  • Action = Rewrite Path
  • Target = /cgi-bin$path$


5. Log Spider:

Log spider requests of popular search engines.

 

Condition: this condition is a general condition that will match most objects
  • Condition = Request Header
  • Match = User-Agent
  • Sense = Does
  • Check = Match RegEX
  • Value = Googlebot|Slurp|bingbot|ia_archiver
Evaluation:
  • Variable = $crawler$
  • Source = Request Header
  • Detail =  User-Agent
Action:
  • Action = Log Event
  • Target = [$crawler$] $host$$path$$querystring$


6. Force HTTPS:

Force the use of HTTPS for a certain directory. In this case, if a client is accessing anything containing the /secure/ directory then they will be redirected to the HTTPS version of the URL requested.

Condition: 
  • Condition = Path
  • Sense = Does
  • Check = Contain
  • Value = /secure/
Evaluation:
  • Blank
Action:
  • Action = Redirect 302
  • Target = https://$host$$path$$querystring$
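
The following is an added example, not code from the original page or from edgeNEXUS: a simplified model of how a rule's Condition, Evaluation and Action fit together, run over the Log Spider and Force HTTPS rules above. The request dictionaries are constructed, the function names are hypothetical, and it assumes that $querystring$ carries its leading "?" and that an Evaluation entry without a Value takes the whole header; rule ordering on the appliance is not modelled.

```python
import re

# Checks from the page's Check table, as predicates on (subject, value).
CHECKS = {
    "Exist": lambda s, v: s is not None,
    "Start": lambda s, v: s is not None and s.startswith(v),
    "End": lambda s, v: s is not None and s.endswith(v),
    "Contain": lambda s, v: s is not None and v in s,
    "Equal": lambda s, v: s == v,
    "Have Length": lambda s, v: s is not None and len(s) == int(v),
    "Match RegEx": lambda s, v: s is not None and re.search(v, s) is not None,
}


def subject(request, source, detail=None):
    """Return the request field a Condition or an Evaluation Source refers to."""
    if source == "Request Header":
        return request["headers"].get(detail)
    return request.get(source.lower())


def rule_fires(rule, request):
    """ALL conditions must be met; Sense "Doesn't" inverts the check."""
    for c in rule["conditions"]:
        field = subject(request, c["condition"], c.get("match"))
        hit = CHECKS[c["check"]](field, c.get("value"))
        if hit != (c["sense"] == "Does"):
            return False
    return True


def variables(rule, request):
    """Built-in variables plus the rule's own Evaluation entries."""
    env = {"$" + k + "$": request[k]
           for k in ("method", "host", "path", "querystring")}
    for e in rule.get("evaluation", []):
        env[e["variable"]] = subject(request, e["source"], e.get("detail")) or ""
    return env


def expand(target, env):
    """Substitute $name$ placeholders; unknown names are left untouched."""
    return re.sub(r"\$[a-z_]+\$", lambda m: env.get(m.group(0), m.group(0)), target)


def apply_rules(rules, request):
    """Return (action, expanded target) for each rule whose conditions hold."""
    return [(r["action"], expand(r["target"], variables(r, request)))
            for r in rules if rule_fires(r, request)]


# Pre-built rules 5 and 6 from this page, transcribed as data.
LOG_SPIDER = {
    "conditions": [{"condition": "Request Header", "match": "User-Agent",
                    "sense": "Does", "check": "Match RegEx",
                    "value": "Googlebot|Slurp|bingbot|ia_archiver"}],
    "evaluation": [{"variable": "$crawler$", "source": "Request Header",
                    "detail": "User-Agent"}],
    "action": "Log Event",
    "target": "[$crawler$] $host$$path$$querystring$",
}
FORCE_HTTPS = {
    "conditions": [{"condition": "Path", "sense": "Does",
                    "check": "Contain", "value": "/secure/"}],
    "action": "Redirect 302",
    "target": "https://$host$$path$$querystring$",
}

# Constructed sample requests (not from the page).
CRAWLER_REQ = {"method": "GET", "host": "www.example.com",
               "path": "/secure/report.html", "querystring": "?id=7",
               "headers": {"User-Agent": "Mozilla/5.0 (compatible; Googlebot/2.1)"}}
BROWSER_REQ = {"method": "GET", "host": "www.example.com",
               "path": "/index.html", "querystring": "",
               "headers": {"User-Agent": "Mozilla/5.0 (Windows NT 10.0)"}}
```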

 

 

 

7. Media Stream:

Redirects Flash Media Stream to appropriate service.

 

Condition: 
  • Condition = Path
  • Sense = Does
  • Check = End
  • Value = .flv
Evaluation:
  • Blank
Action:
  • Action = Redirect 302
  • Target = http://$host$:8080/$path$

 

8. Swap HTTP to HTTPS:

Change any hardcoded HTTP:// to HTTPS://

 

Condition: 
  • Condition = Response Code
  • Sense = Does
  • Check = Equal
  • Value = 200 OK
Evaluation:
  • Blank
Action:
  • Action = Body Replace All
  • Target = http://
  • Data = https://


9. Blank out Credit Cards:

Check that there are no credit cards in the response and if one is found, blank it out.

 

Condition: 
  • Condition = Response Code
  • Sense = Does
  • Check = Equal
  • Value = 200 OK
Evaluation:
  • Blank
Action:
  • Action = Body Replace All
  • Target = [0-9]+[0-9]+[0-9]+[0-9]+-[0-9]+[0-9]+[0-9]+[0-9]+-[0-9]+[0-9]+[0-9]+[0-9]+-[0-9]+[0-9]+[0-9]+[0-9]+
  • Data = xxxx-xxxx-xxxx-xxxx
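
The following is an added example, not code from the original page or from edgeNEXUS. It shows which strings the Target pattern of this rule masks in a constructed response body, and compares it with a separator-tolerant pattern filtered by a Luhn checksum; that second pattern and the function names are assumptions introduced here, not flightPATH features.

```python
import re

# Target pattern exactly as given in rule 9: four groups of 4+ digits
# separated by hyphens.
PAGE_PATTERN = re.compile(
    r"[0-9]+[0-9]+[0-9]+[0-9]+-[0-9]+[0-9]+[0-9]+[0-9]+-"
    r"[0-9]+[0-9]+[0-9]+[0-9]+-[0-9]+[0-9]+[0-9]+[0-9]+"
)
MASK = "xxxx-xxxx-xxxx-xxxx"

# Added alternative: 13 to 19 digits with optional single space or hyphen
# separators, not embedded in a longer run of digits.
CANDIDATE = re.compile(r"(?<![0-9])[0-9](?:[ -]?[0-9]){12,18}(?![0-9])")


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_with_page_rule(body):
    """Body Replace All with the page's Target and Data values."""
    return PAGE_PATTERN.sub(MASK, body)


def mask_with_luhn(body):
    """Mask only candidates whose digits pass the Luhn checksum."""
    def repl(match):
        digits = re.sub(r"[ -]", "", match.group(0))
        return MASK if luhn_ok(digits) else match.group(0)
    return CANDIDATE.sub(repl, body)


# Constructed response body: one well-known test card number in three
# layouts, plus an order reference that merely looks like a card number.
BODY = ("paid with 4111-1111-1111-1111; alt 4111 1111 1111 1111; "
        "raw 4111111111111111; order 2024-0001-0002-0003")

if __name__ == "__main__":
    print(mask_with_page_rule(BODY))
    print(mask_with_luhn(BODY))
```

On this sample the page's pattern leaves the space-separated and unseparated numbers in the response and masks the order reference, so the rule is worth testing against the formats your application actually emits.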


10. Content Expiry:

Add a sensible content expiry date to the page to reduce the number of requests and 304s.

 

Condition: this is a generic condition as a catch all. It is recommended to focus this condition on your
  • Condition = Response Code
  • Sense = Does
  • Check = Equal
  • Value = 200 OK
Evaluation:
  • Blank
Action:
  • Action = Add Response Header
  • Target = Cache-Control
  • Data = max-age=3600

 


11. Spoof Server Type:

Get the Server type and change it to something else.

 

Condition: this is a generic condition as a catch all. It is recommended to focus this condition on your
  • Condition = Response Code
  • Sense = Does
  • Check = Equal
  • Value = 200 OK
Evaluation:
  • Blank
Action:
  • Action = Replace Response Header
  • Target = Server
  • Data = Secret


12. Never Send Errors:

Client never gets any errors from your site.

 

Condition:
  • Condition = Response Code
  • Sense = Does
  • Check = Contain
  • Value = 404
Evaluation:
  • Blank
Action:
  • Action = Redirect 302
  • Target = http://$host$/


13. Redirect on Language:

Find the language code and redirect to the related country domain.

 

Condition: 
  • Condition = Language
  • Sense = Does
  • Check = Contain
  • Value = German (Standard)
Evaluation:
  • Variable = $host_template$
  • Source = Host
  • Value = .*\.
Action:
  • Action = Redirect 302
  • Target = http://$host_template$de$path$$querystring$

 

 

14. Google Analytics:

Insert the code required by Google for the analytics – Please change the value MYGOOGLECODE to your Google UA ID.
Condition: 
  • Condition = Response Code
  • Sense = Does
  • Check = Equal
  • Value = 200 OK
Evaluation:
  • blank
Action:
  • Action = Body Replace Last
  • Target = </body>
  • Data = <script type='text/javascript'> var _gaq = _gaq || []; _gaq.push(['_setAccount', 'MY GOOGLE CODE']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); </script> </body>


15. IPv6 Gateway:

Adjust Host Header for IIS IPv4 Servers on IPv6 Services. IIS IPv4 servers do not like to see an IPv6 address in the host client request so this rule replaces this with a generic name.
Condition: 
  • blank

Evaluation:

  • blank
Action:
  • Action = Replace Request Header
  • Target = Host
  • Data = ipv4.host.header

 

 
