flightPATH

The Configure—>flightPATH page allows you to view and update the flightPATH rules on the jetNEXUS ALB-X. The settings are organised in the
following sections:

What is flightPATH?

flightPATH
is a rule engine developed by edgeNEXUS to intelligently manipulate and
route HTTP and HTTPS traffic. It is highly configurable, very powerful
and yet very easy to use.

A flightPATH rule has three components:

Condition:

Set multiple criteria to trigger the rule.

Evaluation:

Variables that can be used in the Action.

Action:

The behaviour once the rule has triggered.

What can flightPATH do?

flightPATH can be used to modify Incoming and Outgoing HTTP(s) content and
requests. As well as using simple string matches such as “Starts with”,
“Ends With” etc. For more complete control powerful Perl Compatible
Regular Expressions can be implemented.
In addition, custom variables can be created and used in the Action enabling many different possibilities.

Details

The details section contains
the name and description of all of the flightPATH rules configured on
the ALB-X. As you click on a rule the details of the rule will show in
the section below.

To add a new flightPATH rule click Add New and give your rule a Name and Description then click Update to save this section.

Condition

  • New conditions can be added by clicking, Add New button.
  • Multiple conditions can be used but ALL must be met for the rule to execute.
  • To use an OR you would need to create an additional flightPATH rule.
  • Each condition contains three elements and a value or not depending on the condition.

Condition:

Select
from the drop down list. You can start typing and the option will
auto-show, you can now select with arrow keys and tab to the next column


Match:

Select from the drop down list or type your match. Depending
on the Condition, the Match maybe blank. For example if the Condition is Request Header the match might be User-Agent


Sense:

Select from the drop down list. There are only two option Does and Doesn’t


Check:

Select from the drop down list. For a simple check use something like Start, End or Contain. If you wish to have more than one Check in the same line then please use Match Regex. Example Check = Match RegEx, Value = item1|intem2|item3


Value:

Manually type the value. This may be a text string or a regular expression.

Condition

Description

Example

<form> HTML forms are used to pass data to a server Example “form doesn’t have length 0”
GEO Location This compares the source IP address to the ISO 3166 Country Code GEO Location does equal GB OR GEO Location does equal Germany
Host This is the host extracted from the URL www.mywebsite.com or 192.168.1.1
Language This is the Language extracted from the language HTTP header This condition will produce a dropdown with a list of Languages
Method This is a drop down of HTTP methods his is a drop down that includes GET, POST etc
Origin IP If upstream proxy supports X-Forwarded-for (XFF) it will use the true Origin address Client IP. Can also use multiple IP’s or subnets.

10\.1\.2\.* is 10.1.2.0 /24 subnet
10\.1\.2\.3|10\.1\.2\.4 Use | for multiple IP’s

Path This is the path of the website /mywebsite/index.asp
POST POST request method Check data being uploaded to a website
Query This is the name and Value of a Query as such it can either accept the query name or a value also “Best=jetNEXUS” Where the Match is Best and the Value is edgeNEXUS
Query String The whole query string after the ? character
Request Cookie This is the name of a cookie requested by a  client MS-WSMAN=afYfn1CDqqCDqUD::
Request Header This can be any HTTP Header Referrer, User-Agent, From, Date
Request Version This is the HTTP version HTTP/1.0 OR HTTP/1.1
Response Body A user defined string in the response body Server UP
Response Code The http code for the response 200 OK, 304 Not Modified
Response Cookie This is the name of a cookie sent by the server MS-WSMAN=afYfn1CDqqCDqUD::
Response Header This can be any HTTP Header Referrer, User-Agent, From, Date
Response Version The HTTP version sent by the server HTTP/1.0 OR HTTP/1.1
Source IP This is either the origin IP, proxy server IP or some other aggregated IP address Client
IP, Proxy IP, Firewall IP. Can also use multiple IP’s and subnets. You
must escape the dots as these are RegEX. Example 10\.1\.2\.3 is 10.1.2.3

Match

Description

Example

Accept Content-Types that are acceptable Accept: text/plain
Accept-Encoding Acceptable encodings Accept-Encoding: <compress | gzip | deflate | sdch | identity>
Accept-Language Acceptable languages for response Accept-Language: en-US
Accept-Ranges What partial content range types this server supports Accept-Ranges: bytes
Authorization Authentication credentials for HTTP authentication Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Charge-To Contains account information for the costs of the application of the method requested
Content-Encoding The type of encoding used on the data. Content-Encoding: gzip
Content-Length The length of the response body in Octets (8-bit bytes) Content-Length: 348
Content-Type The mime type of the body of the request (used with POST and PUT requests) Content-Type: application/x-www-form-urlencoded
Cookie an HTTP cookie previously sent by the server with Set-Cookie (below) Cookie: $Version=1; Skin=new;
Date Date and time at which
the message was originated
Date = “Date” “:” HTTP-date
ETag An identifier for a specific version of a resource, often a message digest ETag: “aed6bdb8e090cd1:0”
From The email address of the user making the request From: user@example.com
If-Modified-Since Allows a 304 Not Modified to be returned if content is unchanged If-Modified-Since: Sat, 29 Oct 1994 19:43:31 GMT
Last-Modified The last modified date for the requested object, in RFC 2822 format Last-Modified: Tue, 15 Nov 1994 12:45:26 GMT
Pragma Implementation-specific headers that may have various effects anywhere along the request-response chain. Pragma: no-cache
Referrer This is the address of the previous web page from which a link to the currently requested page was followed Referrer: http://www.edgenexus.io
Server A name for the server Server: Apache/2.4.1 (Unix)
Set-Cookie an HTTP cookie Set-Cookie: UserID=JohnDoe; Max-Age=3600; Version=1
User-Agent The user agent string of the user agent User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Vary Tells
downstream proxies how to match future request headers to decide
whether the cached response can be used rather than requesting a fresh
one from the origin server
Vary: User-Agent
X-Powered-By Specifies the technology (e.g. ASP.NET, PHP, JBoss) supporting the web application X-Powered-By: PHP/5.4.0

Check

Description

Example

Exist This does not care for the detail of the condition just that it does/doesn’t Exist  Host — Does — Exist
Start The string starts with the Value Path — Does — Start — /secure
End The string ends with the Value Path — Does — End — .jpg
Contain The string does contain the Value Request Header — Accept — Does — Contain — image
Equal The string does Equal the Value Host — Does — Equal — www.jetnexus.com
Have Length The string does have length of the value Host — Does — Have Length — 16
www.jetnexus.com = TRUE
www.jetnexus.co.uk = FALSE
Match RegEx This enables you to enter a full Perl compatible regular expression Origin IP — Does — Match Regex — 10\..* | 11\..*

Example:

  • The example below has two conditions and BOTH must be met to carry out the action
  • The first is checking that the requested object is an image
  • The second is checking for a specific hostname

Evaluation

Adding
a Variable is a very powerful feature that will allow you to extract
data from the request and include this in the actions.
For example you could log a user username or send an email if there is a security problem.

Variable:

This must start and end with a $ symbol.


Source:

Select from the drop down box the source of the variable.


Detail:

Select from the list when relevant. If the Source=Request Header the Details could be User-Agent.


Value:

Enter the text or regular expression to fine tune the variable.

Source

Description

Example

Cookie This is the name and value of the cookie header MS-WSMAN=afYfn1CDqqCDqUD::

Where the name is MS-WSMAN and the value is afYfn1CDqqCDqUD::

Host This is the hostname extracted from the URL www.mywebsite.com or 192.168.1.1
Language This is the language extracted from the Language HTTP header This condition will produce a dropdown with a list of languages.
Method This is a drop down of HTTP methods The dropdown will include GET, POST
Path This is the path of the website /mywebsite/index.html
POST POST request method Check data being uploaded to a website
Query Item This is the name and value of a query. As such it can either accept the query name or a value also “Best=jetNEXUS” Where the Match is Best and the Value is edgeNEXUS
Query String This is the whole string after the ? character http://server/path/program?query_string
Request Header This can be any header sent by the client Referrer, User-Agent, From, Date…
Response Header This can be any header sent by the server Referrer, User-Agent, From, Date…
Version This is the HTTP version HTTP/1.0 or HTTP/1.1

Detail

Description

Example

Accept Content-Types that are acceptable Accept: text/plain
Accept-Encoding Acceptable encodings Accept-Encoding: <compress | gzip | deflate | sdch | identity>
Accept-Language Acceptable languages for response Accept-Language: en-US
Accept-Ranges What partial content range types this server supports Accept-Ranges: bytes
Authorization Authentication credentials for HTTP authentication Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Charge-To Contains account information for the costs of the application of the method requested
Content-Encoding The type of encoding used on the data. Content-Encoding: gzip
Content-Length The length of the response body in Octets (8-bit bytes) Content-Length: 348
Content-Type The mime type of the body of the request (used with POST and PUT requests) Content-Type: application/x-www-form-urlencoded
Cookie an HTTP cookie previously sent by the server with Set-Cookie (below) Cookie: $Version=1; Skin=new;
Date Date and time at which
the message was originated
Date = “Date” “:” HTTP-date
ETag An identifier for a specific version of a resource, often a message digest ETag: “aed6bdb8e090cd1:0”
From The email address of the user making the request From: user@example.com
If-Modified-Since Allows a 304 Not Modified to be returned if content is unchanged If-Modified-Since: Sat, 29 Oct 1994 19:43:31 GMT
Last-Modified The last modified date for the requested object, in RFC 2822 format Last-Modified: Tue, 15 Nov 1994 12:45:26 GMT
Pragma Implementation-specific headers that may have various effects anywhere along the request-response chain. Pragma: no-cache
Referrer This is the address of the previous web page from which a link to the currently requested page was followed Referrer: http://www.edgenexus.io
Server A name for the server Server: Apache/2.4.1 (Unix)
Set-Cookie an HTTP cookie Set-Cookie: UserID=JohnDoe; Max-Age=3600; Version=1
User-Agent The user agent string of the user agent User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Vary Tells
downstream proxies how to match future request headers to decide
whether the cached response can be used rather than requesting a fresh
one from the origin server
Vary: User-Agent
X-Powered-By Specifies the technology (e.g. ASP.NET, PHP, JBoss) supporting the web application X-Powered-By: PHP/5.4.0

Example 1:

In the example below we have created a variable called ignorestart. It looks at the Path and ignores the first section called finance and use the latter part of the path as the contents of the variable.

This
method allows the use of regular expression groups to create the
variable. The example below only has one group so the value will be the
characters contained within the brackets. IF more than one group is
used in a regular expression the value will be taken from the last
group.

Path                     = /finance/budgets/alpha/1.html
$ignorestart$     = /budgets/alpha/1.html

Action

The action is the task or tasks that are enabled once the condition or conditions have been met.

Action:

Double click on the Action column to view drop down list.


Target:

Double click on the Target column to
view the drop down list. The list will change depending on the Action.
You may also type manually with some actions.


Data:

Double click on the Data column to manually add your data that you wish to add or replace.

The list of all the actions are detailed below:

Action

Description

Example

Add Request Cookie Add request cookie detailed in the Target section with value in Data section Target= Cookie

Data= MS-WSMAN=afYfn1CDqqCDqCVii

Add Request Header Add a request header of Target type with value in Data section Target= Accept

Data= image/png

Add Response Cookie Add Response Cookie detailed in the Target section with value in Data section Target= Cookie

Data= MS-WSMAN=afYfn1CDqqCDqCVii

Add Response Header Add request header detailed in the Target section with value in the Data section Target= Cache-Control

Data= max-age=8888888

Body Replace All Search the Response Body and replace all instances Target= http:// (Search string)

Data= https:// (Replacement string)

Body Replace First Search the Response Body and replace first instance only Target= http:// (Search string)

Data= https:// (Replacement string)

Body Replace Last Search the Response Body and replace last instance only Target= http:// (Search string)

Data= https:// (Replacement string)

Drop This will drop the connection Target= N/A

Data= N/A

e-Mail Will send an email to the address configured in Email Events. You can use a variable as the address or the message Target= “flightPATH has emailed this event”

Data= N/A

Log Event This will log an event to the System log Target= “flightPATH has logged this in syslog”

Data= N/A

Redirect 301 This will issue a permanent redirect Target= http://www.edgenexus.io
Data= N/A
Redirect 302 This will issue a temporary redirect Target= http://www.edgenexus.io
Data= N/A
Remove Request Cookie Remove request cookie detailed in the Target section Target= Cookie

Data= MS-WSMAN=afYfn1CDqqCDqCVii

Remove Request Header Remove request header detailed in the Target section Target=Server
Data=N/A
Remove Response Cookie Remove response cookie detailed in the Target section Target=jnAccel
Remove Response Header Remove the response header detailed in Target section Target= Etag

Data= N/A

Replace Request Cookie Replace request cookie detailed in the Target section with value in the Data section Target= Cookie

Data= MS-WSMAN=afYfn1CDqqCDqCVii

Replace Request Header Replace request header in the Target with Data value Target= Connection

Data= keep-alive

Replace Response Cookie Replace the response cookie detailed in Target section with value in Data section Target=jnAccel=afYfn1CDqqCDqCVii
Date=MS-WSMAN=afYfn1CDqqCDqCVii
Replace Response Header Replace the response header detailed in Target section with value in Data section Target= Server

Data= Withheld for Security

Rewrite Path This will allow you to redirect the request to new URL based on the condition Target= /test/path/index.html

Data= N/A

Use Secure Server Select which secure server or virtual service to use Target=192.168.101:443
Data=N/A
Use Server Select which server or virtual service  to use Target= 192.168.101:80
Data= N/A

Example:

The
action below will issue a temporary redirect to the browser to a secure
HTTPS Virtual Service. It will use the same hostname, path and querystring as
the request.

fpaction


Diagnostics

Tick this box to enable a more detailed trace. This will log additional detail to the syslog and should be used for testing and troubleshooting only as it will increase latency and CPU.

fpdiagnostics

Common Uses:

Application Firewall and Security:

  • Block unwanted IPs
  • Force user to HTTPS for specific (or all) content
  • Block or redirect spiders
  • Prevent and alert cross site scripting
  • Prevent and alert SQL injection
  • Hide internal directory structure
  • Rewrite cookies
  • Secure directory for particular users

Features:

  • Redirect users based on path
  • Provide Single sign on across multiple systems
  • Segment users based on User ID or Cookie
  • Add headers for SSL offload
  • Language detection
  • Rewrite user request
  • Fix broken URLs
  • Log and Email Alert 404 response codes
  • Prevent directory access/ browsing
  • Send spiders different content

Pre-Built Rules:

1. HTML Extension:

Changes all .htm requests to .html.

2. Index.html:

Force to use index.html in requests to folders.


3. Close Folders:

Deny requests to folders.


4. Hide CGI-BBIN:

Hides cgi-bin catalogue in requests to CGI scripts.


5. Log Spider:

Log spider requests of popular search engines.


6. Force HTTPS:

Force to use HTTPS for certain directory.


7. Media Stream:

Redirects Flash Media Stream to appropriate channel.


8. Swap HTTP to HTTPS:

Change any hardcoded HTTP:// to HTTPS://


9. Blank out Credit Cards:

Check that there are no credit cards in the response and if one is found, blank it out.


10. Content Expiry:

Add a sensible content expiry date to the page to reduce the number of requests and 304s.


11. Spoof Server Type:

Get the Server type and change it to something else.


12. Never Send Errors:

Client never gets any errors from your site.


13. Redirect on Language:

Find the language code and redirect to the related country domain.


14. Google Analytics:

Insert the code required by Google for the analytics – Please change the value MYGOOGLECODE to your Google UA ID.

Log in with your credentials

or    

Forgot your details?

Create Account