WebVPN - SSL Portal - URL Rewrite

Endorsed Question
Apr 12th, 2012
User Badges:

Hi,


I'm currently using WebVPN portal to access an internal web application. As I understood the router/firewall make a rewrite of each url by adding following information /PORT/IP_ADDRESS/resource. For example if I access (internally) http://192.168.1.100:81/index.html, from outside (via ssl portal) this will become https://vpn.mydomain.com/81/192.168.1.100/index.html


Now I have the following problem: the web application we are reaching have in allmost AJAX request the root (/) url as base point to do the GET request, this means that if for example the application try to load /images/test.gif it results in giving me the following WRONG get rewrite: https://vpn.mydomain.com/images/test.gif instead of the expected (right) URL https://vpn.mydomain.com/81/192.168.1.100/images/test.gif, this results that the webapplication is not usable from the portal. (the example above with the image is only to explain the problem, most problem happens on doing ajax request with the root url as base for GET request)


How may I overcome this problem?


The only solution I see is:

  • Manually change source code of the application (> 100k line of code, javascript is minimized) = not applicable
  • Using a URL rewrite somewhere (i.e. proxy?!) but I will still have some problem with https (certificate) and probably wont work




Thank you so much

Cisco Endorsed by Ming Su
vabruno about 5 years 2 weeks ago

don't think there is a solution for this because the ASA can't rewrite the URL unless the page is refreshed and that is not the case with Ajax application, you may want to try and use smart tunnels for that specific application


Sent from Cisco Technical Support iPad App

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
vabruno Sun, 04/15/2012 - 16:32
User Badges:

don't think there is a solution for this because the ASA can't rewrite the URL unless the page is refreshed and that is not the case with Ajax application, you may want to try and use smart tunnels for that specific application


Sent from Cisco Technical Support iPad App

gabriel.barrios Thu, 10/10/2013 - 13:21
User Badges:

Have you try to do a Proxy Bypass at the ASA?


You will find it at:

Configuration----RemoteAccessVPN---Clientless---Advanced---ProxyBypass


You may use wildcard for your internal website.


Hope it helps


Gabriel

Actions

This Discussion

Related Content