Redirect http to https with DataPower

There is a strong argument that all web applications and services should be using https only.

If DataPower is the point of contact it makes sense to have it redirect any traffic coming from http (port 80) to https (port 443).

One method to set this up in DataPower is with a Multi-Protocol Gateway service.

(Note: version 7.2.0 was used.)


Configure the Multi-Protocol Gateway Service as follows:

Set the Type to dynamic backends.

Configure a new Multi-Protocol Gateway policy.


Set a name and create a new rule. The rule direction is client to server.

Open the match action and set the Matching Rule to “all”.


Next create a Filter action.


Upload the following XSLT:

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dp="http://www.datapower.com/extensions" xmlns:dpconfig="http://www.datapower.com/param/config" version="1.0" extension-element-prefixes="dp">
  <xsl:template match="/">
    <!-- Protocol and full URL of the incoming request -->
    <xsl:variable name="protocol" select="dp:variable('var://service/protocol')" />
    <xsl:variable name="inputURL" select="dp:variable('var://service/URL-in')" />
    <xsl:variable name="urlNoProtocol" select="substring-after($inputURL, 'http://')" />
    <xsl:if test="$protocol != 'https'">
      <!-- Split host[:port] from the path and query so that only the port is rewritten -->
      <xsl:variable name="hostPort" select="substring-before(concat($urlNoProtocol, '/'), '/')" />
      <xsl:variable name="pathQuery" select="substring($urlNoProtocol, string-length($hostPort) + 1)" />
      <xsl:variable name="urlChangePort">
        <xsl:choose>
          <!-- Swap only a trailing ':80'; ':8080' or a ':80' in the path or query is left alone -->
          <xsl:when test="substring($hostPort, string-length($hostPort) - 2) = ':80'">
            <xsl:value-of select="concat(substring($hostPort, 1, string-length($hostPort) - 3), ':443', $pathQuery)" />
          </xsl:when>
          <xsl:otherwise>
            <xsl:value-of select="concat($hostPort, $pathQuery)" />
          </xsl:otherwise>
        </xsl:choose>
      </xsl:variable>
      <xsl:variable name="url" select="concat('https://', $urlChangePort)" />
      <!-- Answer from the gateway itself: never forward the plain-http request to the backend -->
      <dp:set-variable name="'var://service/mpgw/skip-backside'" value="true()" />
      <!-- Status line and target of the redirect -->
      <dp:set-http-response-header name="'x-dp-response-code'" value="'302 Redirect'" />
      <dp:set-http-response-header name="'Location'" value="$url" />
    </xsl:if>
  </xsl:template>
</xsl:stylesheet>

This XSLT looks up the incoming protocol service variable (var://service/protocol). If the protocol is not https, it:

  • Sets skip-backside to true to prevent the request from reaching the backend.
  • Sets the response code in the response header to ‘302 Redirect’.
  • Generates the corresponding https redirect URL (using the URL-in service variable) and sets the Location response header to this URL.

Next create a Results action.


Apply the Policy.

Configure a Front Side Protocol and set the listening IP and Port for your service.


Response type and Request type can be set to “Non-XML”.

The rest of the settings may be left as default.

Save and you should be able to test the redirect.
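
One way to check the result of that test, as an added example that is not part of the original post: the function below parses a raw HTTP response and reports anything that deviates from the redirect described above. The host name gw.example.test and the sample responses are constructed, and the check assumes the redirect should keep the request's host, path and query.

```python
from urllib.parse import urlsplit

def check_redirect(request_url, raw_response):
    """Return a list of problems in the gateway's answer to an http:// request."""
    problems = []
    # Only the status line and headers matter; drop any body.
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    parts = status_line.split(" ", 2)
    status = parts[1] if len(parts) > 1 else ""
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    if status != "302":
        problems.append(f"expected status 302, got {status or 'none'}")
    location = headers.get("location")
    if not location:
        return problems + ["no Location header"]
    req, loc = urlsplit(request_url), urlsplit(location)
    if loc.scheme != "https":
        problems.append(f"Location scheme is {loc.scheme!r}, not 'https'")
    if loc.hostname != req.hostname:
        problems.append(f"host changed: {req.hostname!r} -> {loc.hostname!r}")
    try:
        port = loc.port          # raises ValueError on a malformed port
    except ValueError:
        port = -1
    if port not in (None, 443):
        problems.append(f"unexpected port in Location: {location!r}")
    if (loc.path, loc.query) != (req.path, req.query):
        problems.append("path or query was altered by the rewrite")
    return problems

# Constructed sample responses (not captured from a real appliance).
GOOD = (b"HTTP/1.1 302 Redirect\r\n"
        b"Location: https://gw.example.test:443/app/login?next=/home\r\n\r\n")
# A ':80' inside the query string was rewritten along with the port.
MANGLED = (b"HTTP/1.1 302 Redirect\r\n"
           b"Location: https://gw.example.test:443/app?t=12:44300\r\n\r\n")
NOT_REDIRECTED = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"

if __name__ == "__main__":
    print(check_redirect("http://gw.example.test:80/app/login?next=/home", GOOD))
    print(check_redirect("http://gw.example.test:80/app?t=12:8000", MANGLED))
    print(check_redirect("http://gw.example.test:80/", NOT_REDIRECTED))
```

To use it against a live service, pass in the request URL and the raw response bytes saved from your HTTP client.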
