Novell ACCESS MANAGER 3.1 SP2 - ACCESS GATEWAY GUIDE 2010 Manual page 50

browser and Access Gateway, the URL reference
must be rewritten to
clicks the HTTP link, the browser must change from HTTP to HTTPS and establish a new SSL
session.
To ensure that URL references containing private IP addresses or private DNS names are
changed to the published DNS name of the Access Gateway or hosts.
For example, suppose that a company has an internal Web site named
expose this site to Internet users through the Access Gateway by using a published DNS name
of
novell.com
the private DNS name, such as
unable to resolve
errors in the browser.
The HTML rewriter can resolve this issue. The DNS name field in the Access Gateway
configuration is set to
Access Gateway. The rewriter parses the Web page, and any URL references matching the
private DNS name or private IP address listed in the Web server address field of the Access
Gateway configuration are rewritten to the published DNS name
number of the Access Gateway.
Rewriting URL references addresses two issues: 1) URL references that are unreachable
because of the use of private DNS names or IP addresses are now made accessible and 2)
Rewriting prevents the exposure of private IP addresses and DNS names that might be sensitive
information.
To ensure that the Host header in incoming HTTP packets contains the name understood by the
internal Web server.
Using the example in
HTTP or HTTPS requests to have the Host field set to
using the published DNS name
requests received by the Access Gateway is set to
configured to rewrite this public name to the private name expected by the Web server by
setting the Web Server Host Name option to
packets to the Web server, the Host field is changed (rewritten) from
data.com
Web Servers of a Proxy Service," on page
The rewriter searches for URLs in the following HTML contexts. They must meet the following
criteria to be rewritten:
Context
HTTP Headers
JavaScript
50 Novell Access Manager 3.1 SP2 Access Gateway Guide
https://novell.com/path/image1.jpg
. Many of the HTML pages on this Web site have URL references that contain
http://data.com/imagel.jpg
data.com/imagel.jpg
, which users can resolve through a public DNS server to the
novell.com
Figure 1-6 on page
novell.com/path
. For information about configuring this option, see
Criteria
Qualified URL references occurring within certain types of HTTP response
headers such as Location and Content-Location are rewritten. The Location
header is used to redirect the browser to where the resource can be found. The
Content-Location header is used to provide an alternate location where the
resource can be found.
Within JavaScript, absolute references are always evaluated for rewriting.
Relative references (such as
(such as /docs/file.html
based multi-homing Web server and the reference follows an HTML tag. For
example, the string
multi-homing path that has been configured to be removed.
http://novell.com/path/image1.jpg
, links using this URL reference would return DNS
49, suppose that the internal Web server expects all
data.com
, the Host field of the packets in those
novell.com
. Before the Access Gateway forwards
data.com
Section 1.2, "Configuring the
22.
index.html) are not attempted. Absolute paths
) are evaluated if the page is read from a path-
href='/docs/file.html'
. Otherwise, when the user
, and wants to
data.com
. Because Internet users are
and the port
novell.com
. When users send requests
. The Access Gateway can be
to
novell.com
is rewritten if /docs is a