The rewriter parses and searches the web content that passes through Access Gateway for URL references that qualify to be rewritten. URL references are rewritten when they meet the following conditions:
URL references containing DNS names or IP addresses matching those in the web server address list are rewritten with the Published DNS Name.
URL references matching Web Server Host Name are rewritten with the Published DNS Name.
URL references matching entries in the Additional DNS Name List of the host are rewritten with the Published DNS Name. The Web Server Host Name does not need to be included in this list.
DNS names in Exclude DNS Name List specify the names the rewriter must skip and not rewrite.
IMPORTANT: Excludes in the Exclude DNS Name List are processed first, then the includes in the Additional DNS Name List. If you put the same DNS name in both lists, the DNS name is rewritten.
The following sections describe the conditions to consider when adding DNS names to the lists:
Sometimes web pages contain URL references to a hostname that does not meet the default criteria for being rewritten. That is, the URL reference does not match Web Server Host Name or any value (IP address) in Web Server List. If these names are sent back to the client, they are not resolvable. Figure 2-10 illustrates a scenario that requires an entry in the Additional DNS Name List.
Figure 2-10 Rewriting URLs for Web Servers
The page on the data.com web server contains two links, one to an image on the data.com server and one to an image on the graphics.com server. When rewriting is enabled, the link to the data.com server is automatically rewritten to example.com. The link to the image on graphics.com is not rewritten until you add this URL to the Additional DNS Name List. When the link is rewritten, the browser knows how to request it, and Access Gateway knows how to resolve it.
You need to include names in this list if your web servers have the following configurations:
If you have a cluster of web servers that are not sharing the same DNS name, you need to add their DNS names to this list.
If your web server obtains content from another web server, the DNS name for this additional web server needs to be added to the list.
If the web server listens on one port (for example, 80), and redirects the request to a secure port (for example, 443), the DNS name needs to be added to the list. The response to the user comes back on https://<DNS_name>:443. This does not match the request that was sent on http://<DNS_name>:80. If you add the DNS name to the list, the response can be sent in the format that the user expects.
If an application is written to use a private hostname, add the private hostname to the list. For example, assume that an application URL reference contains the hostname of home (http://home/index.html). This hostname needs to be added to the Additional DNS Name List.
If you enable Forward Received Host Name on your path-based multi-homing service and your web server is configured to use a different port, you need to add the DNS name with the port to the Additional DNS Name List.
For example, if the public DNS name of the proxy service is www.myag.com, the path for the path-based multi-homing service is /sales, and the web server port is 801, the following DNS name needs to be added to the Additional DNS Name List of the /sales service:
http://www.myag.com:801
When you enter a name in the list, it can use any of the following formats:
DNS_name
host_name
IP_address
scheme://DNS_name
scheme://IP_address
scheme://DNS_name:port
scheme://IP_address:port
For example:
HOME
https://www.backend.com
https://10.10.15.206:444
These entries are not case-sensitive.
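The matching order and entry formats described above, as an added example that is not part of the original documentation or the product's code: a simplified Python model that reports which URL references a given configuration would rewrite. The `decide` function, the `CFG` layout, the sample references, and the rule that an entry without a scheme or port matches any scheme or port are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def parse_entry(entry):
    """Split a list entry into (scheme, host, port); None means 'any' (assumption)."""
    entry = entry.strip().lower()          # entries are not case-sensitive
    if "://" not in entry:
        return None, entry, None           # DNS_name, host_name or IP_address
    parts = urlsplit(entry)                # scheme://name or scheme://name:port
    return parts.scheme, parts.hostname, parts.port

def entry_matches(entry, url):
    """True if a URL reference matches one list entry."""
    scheme, host, port = parse_entry(entry)
    ref = urlsplit(url)                    # urlsplit lowercases scheme and hostname
    ref_port = ref.port or DEFAULT_PORTS.get(ref.scheme)
    return (host == ref.hostname
            and scheme in (None, ref.scheme)
            and port in (None, ref_port))

def decide(url, cfg):
    """Return (rewritten?, reason) for one URL reference."""
    hit = lambda names: any(entry_matches(e, url) for e in names)
    # Excludes are processed first and includes afterwards, so a name present
    # in both lists ends up rewritten: the include check effectively wins.
    if hit(cfg["additional"]):
        return True, "Additional DNS Name List"
    if hit(cfg["exclude"]):
        return False, "Exclude DNS Name List"
    if hit([cfg["web_server_host"], *cfg["web_server_addrs"]]):
        return True, "web server host name or address"
    return False, "no match"

# Constructed configuration and references, loosely following Figure 2-10.
CFG = {"web_server_host": "data.com", "web_server_addrs": ["192.0.2.10"],
       "additional": ["graphics.com", "HOME", "https://10.10.15.206:444"],
       "exclude": ["product.com"]}
REFS = ["http://data.com/img/a.png", "http://GRAPHICS.com/img/b.png",
        "http://home/index.html", "https://10.10.15.206:444/app/",
        "https://10.10.15.206/app/", "https://product.com/list.html"]

if __name__ == "__main__":
    for ref in REFS:
        rewritten, reason = decide(ref, CFG)
        print(f"{'REWRITE' if rewritten else 'SKIP':8}{ref}  ({reason})")
```

References reported as SKIP with "no match" are the ones that would reach the client carrying a back-end name or address it cannot resolve.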
If you have two reverse proxies protecting the same web server, the rewriter correctly rewrites the references to the web server so that the browser always uses the same reverse proxy. If the browser requests a resource using example.com.uk, the response is returned with references to example.com.uk and not example.com.usa.
If you have a third reverse proxy protecting a web server, the rewriting rules can become ambiguous. For example, consider the configuration illustrated in Figure 2-11.
Figure 2-11 Excluding URLs
A user accesses data.com through the published DNS name of example.com.mx. The data.com server has references to product.com. The example.com.mx proxy has two ways to get to the product.com server because this web server has two published DNS names (example.com.uk and example.com.usa). The rewriter can use any of these to rewrite references to product.com.
If you want all users coming through example.com.mx to use the example.com.usa proxy, you need to block the rewriting of product.com to example.com.uk. On the HTML Rewriting page of the reverse proxy for example.com.uk, add product.com and any aliases to the Exclude DNS Name List.
If you do not need to know which proxy is returned in the reference, do not add anything to the Exclude DNS Name List.