
08 - Alteon ADC Level 1 Lab Manual - Content Modification

The Alteon Level 1 Lab Manual provides instructions for content modification in web applications using Alteon technology. It covers objectives such as inserting client IPs into HTTP headers, removing server identity, redirecting error messages, and replacing host names. The manual includes detailed lab preparations and activities to guide users through the configuration process.

Alteon

34.x

Alteon Level 1
Lab Manual
Content Modification
Table of Contents

Overview
Objectives
Lab Preparations: Restore Standard Setup
Lab Activities
    Insert Client IP into HTTP Header
    Remove Server Identity
    Redirect if Server Responds with an Error Message
    Replace Host Name

Alteon Level 1 Lab Manual 2


Overview
In various cases there is a need to control the content returned by a Web application or sent to the Web application.
Content modification can include modifying URLs of objects, modifying cookies or other HTTP headers, or modifying
any text in the HTTP or HTML. Alteon also lets you modify different types of HTTP elements using self-defined
modification rules.

HTTP elements that can be modified:

• HTTP Headers - Can be inserted, replaced, or removed
• Cookies - Can be replaced or removed
• File type - File type elements within the HTTP requests can be replaced
• Status Line - Status line elements within the HTTP responses can be replaced
• URL - Within requests or responses, headers or entire message body can be replaced
• Text - Any text elements can be replaced in HTTP headers or the entire message body

Objectives
After viewing the module on SLB content modification or "switching" and completing this lab, you should be able to:

• Insert Client IP while using Proxy IP towards the server.
• Hide server identity to increase security.
• Redirect to start page if server responds with an error code of 404.
• Rewrite parts of the hostname.

Lab Preparations: Restore Standard Setup


Before you begin this lab:
a. You should have successfully completed ADC SLB setup.
b. Access the Alteon management port and log in.
   i. Import SLB SETUP if changes were made after the previous lab.
   ii. Disable any content-based rules.
   iii. Set the group metric to Round Robin.
        /c/slb/group <group>/metric roundrobin
   iv. Disable persistent binding (pbind). PBind takes precedence over string load balancing.
        /c/slb/virt <virt server>/service <virt service>/pbind disable
c. Verify your SLB SETUP is working properly before going on.
   i. Clear the session table.
        /oper/slb/clear
   ii. Generate test traffic to your servers (VIP).
   iii. View statistics on your virtual server connection.
        /st/slb/virt <virt>

/st/slb/clear



Lab Activities
Here is a summary of tasks in this lab:
1. Insert Client IP into HTTP header
2. Remove server identity
3. Redirect if error message
4. Replace host name

Insert Client IP into HTTP Header


Alteon passes the client IP to the server in an HTTP header called X-Forwarded-For, which it adds on the server-side connection.

1. Open a browser and connect to the VIP to display the proxy IP configured.

TIP: You should see a proxy IP (example shown below):


Your IP is: [ex. 10.200.1.15]

2. Enable forwarding of the client IP as a header.

GUI:
• Configuration → Application Delivery → Virtual Services
• Edit the virtual server
• Edit the virtual service
• Properties tab
    Delayed Binding: Force Proxy
• HTTP Content Modification tab
    Check the box for Insert X-Forwarded-For
• Submit
• Create the PIP 10.200.1.15 on the service (if it doesn’t exist)
• Close
• Apply
• Save
• Sync

3. Connect to your VIP. You should see the X-Forwarded-For header.

Now the server can see the proxy IP (visible IP) and the client's real IP (X-Forwarded-For IP).
Your visible IP is: [ex. 10.200.1.15]
X-Forwarded-For IP: [ex. 192.168.175.20]
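
How a back-end server can safely consume the header enabled in this activity, as an added example (not part of the lab manual or any Radware code). It assumes the PIP 10.200.1.15 from this lab is the only trusted proxy and that the proxy writes the client address as the last X-Forwarded-For entry; the function name `client_ip` is hypothetical.

```python
import ipaddress

# Assumption: the Alteon proxy IP (PIP) from this lab is the only trusted hop.
TRUSTED_PROXIES = {ipaddress.ip_address("10.200.1.15")}


def client_ip(peer_addr, headers):
    """Return the address to log or rate-limit on for one request.

    peer_addr: source IP of the TCP connection as seen by the web server.
    headers:   dict of request headers with lower-cased names.
    """
    peer = ipaddress.ip_address(peer_addr)
    if peer not in TRUSTED_PROXIES:
        # Direct connection: any X-Forwarded-For present was set by the
        # sender itself and carries no authority.
        return str(peer)
    xff = headers.get("x-forwarded-for", "")
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    # Walk from the right: the last entry is the one written by the proxy;
    # entries further left may have been supplied by the client.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)  # malformed entry: fall back to the peer
        if addr not in TRUSTED_PROXIES:
            return str(addr)
    return str(peer)


if __name__ == "__main__":
    # Constructed requests using the example addresses from this lab.
    print(client_ip("10.200.1.15", {"x-forwarded-for": "192.168.175.20"}))
    print(client_ip("203.0.113.9", {"x-forwarded-for": "192.168.175.20"}))
```

A request that reaches the server without passing through the PIP keeps its own source address, so a header typed in by the sender cannot change what the server logs.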



Remove Server Identity
Removing response header information from the server response is called server cloaking.

1. Remove server information from the response to the client.
   a. Open the web development tools of your favorite browser or a capturing tool and start capturing.
   b. Connect to the website. In the capture tool, look for the HTTP response header called “Server”, which attackers could also use.
   c. Remove this HTTP response header information from the server response.

GUI:
• Configuration → Application Delivery → Virtual Services
• Edit the virtual server
• Edit the virtual service
• HTTP Content Modification tab
    Check the box for Server Cloaking
• Submit
• Close
• Apply
• Save
• Sync

If you reload the browser window and look in the capture tool, you can see the response header is replaced
by generic information (i.e., Web Server). You can use Developer Tools in Chrome, for example, to examine
the response header. You should see “Server: Web Server” in the response header.



Redirect if Server Responds with an Error Message
Intercept server responses and update the HTTP error messages sent to the user by the server.
1. Intercept 404 errors and redirect to a new page.
   a. Redirect to http://www.radware.lab/

NOTE: The error code generated by the server can be changed, the error reason edited, or the response
redirected to a different HTTP location. When redirecting, the hostname specified should include
the protocol. For example: http://www.a.com and not www.a.com.

   i. Multiple error codes per service can be defined if all use the same behavior.
   ii. When editing the error code configuration, type all the relevant codes.
   iii. To configure multiple error codes, type the codes separated by commas. For example: 403, 504.

GUI:
• Configuration → Application Delivery → Virtual Services
• Edit the Virtual Server
• Edit the Virtual service
• HTTP Content Modification tab
    o Check the box for Error Code Update
    o Match Error Code(s): 404
    o HTTP Redirection: Enable
    o URL: http://www.radware.lab
    o Response Code: 302
    o Submit
• Close
• Apply
• Save
• Sync

2. Under the HTTP Service Menu, configure a redirect to go back to the main URL if an error is encountered
(either URL or IP of VIP).
   a. Open a browser on Team-PC and connect to your VIP requesting a web page which does not
      exist (i.e., http://www.radware.lab/notthere.html).
      i. You should be redirected back to the main page.

If you do not see the start page, double-check the web development tools of your favorite browser or
capturing tool to see the status line in the response header.
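
The manual checks in the Remove Server Identity and error-redirect activities, scripted over a captured response head, as an added example (not part of the lab manual). The two captures are constructed samples, and the function names are hypothetical; the expected values (“Web Server”, 302, http://www.radware.lab) are the ones configured in this lab.

```python
from urllib.parse import urlsplit

# Constructed captures (not real lab output): the response a client should
# receive once both features are applied, and one from an unmodified service.
GOOD_404 = (
    "HTTP/1.1 302 Found\r\n"
    "Server: Web Server\r\n"
    "Location: http://www.radware.lab\r\n\r\n"
)
BAD_404 = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: Apache/2.4.57 (Unix)\r\n\r\n"
)


def parse_head(raw):
    """Split a raw response head into (status_code, {lowercase name: value})."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def check_response(raw, redirect_host="www.radware.lab"):
    """Return a list of findings; an empty list means both checks pass."""
    status, headers = parse_head(raw)
    findings = []
    server = headers.get("server")
    if server is not None and server != "Web Server":
        findings.append("Server header not cloaked: " + server)
    if status == 404:
        findings.append("404 reached the client without a redirect")
    elif status == 302:
        loc = urlsplit(headers.get("location", ""))
        if not loc.scheme:
            # The NOTE above: the redirect target must include the protocol.
            findings.append("Location missing or lacks a protocol (http://)")
        elif loc.hostname != redirect_host:
            findings.append("redirect points to unexpected host")
    return findings
```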

Replace Host Name


Rewrite the hostname used by the client and send a different hostname to the server.

This can be useful if a domain has changed.

1. Create an HTTP modification rule to change the header.

Use www.radware.lab as the matched host.

GUI:

• Configuration → Application Delivery → Application Services → HTTP → Content Modification Rule-List
• Click “+” to add a rule-list
• Check the box to Enable Modification Rule-list
• Modification Rule-List ID: MyHost
• HTTP Rules tab
    o Click “+” to add a new rule
    o Check the box to Enable HTTP Modification Rule
    o Rule ID: 10
    o Element: URL
    o Direction: Request
    o URL Match tab
        ▪ Protocol: HTTP
        ▪ Host Match Type: Equal
        ▪ Host to Match: www.radware.lab
    o URL Action tab
        ▪ Protocol: HTTP
        ▪ Host Action Type: Replace
        ▪ New Host to Replace: www.radware.com
    o Submit
    o Close
• Edit Virtual Server Virt1
    o Edit Virtual Service HTTP
    o HTTP Content Modification tab
        ▪ HTTP Modification Rule List: MyHost
• Submit
• Apply
• Save
• Sync

2. Verify your configuration by browsing to your VIP from your RDP PC.

You should see that your request was rewritten by the server.

Export configuration as a backup. Name the file BACKUP CONTENT MODIFICATION.



© 2024 Radware Ltd. All rights reserved. The Radware products and solutions mentioned in this document
are protected by trademarks, patents and pending patent applications of Radware in the U.S. and other
countries. For more details, please see: https://www.radware.com/LegalNotice/. All other trademarks and
names are property of their respective owners.

For questions, contact training@Radware.com
