Rewriting client-side scripting

Embedded URLs are not the only items that can control the flow of requests to an HTTP server. For example, a client can access a Web page beyond the control of an SWP with a simple JavaScript like this:

<SCRIPT language="JavaScript">
     var webpage = "/absolute_url/";
     document.location = webpage;
</SCRIPT>

where /absolute_url/ is the absolute path to the server, application, and requested data (Web page, image, and so on).

The sample script above bypasses the SWP and sends the client request directly to the source. To help address this, an SWP automatically adds a small script to the beginning of each HTML page that is proxied to the client. This script can be used, with certain limitations, to help block client-side scripting that redirects the user outside the control of the SWP; for example:

<SCRIPT language="JavaScript">
     // Prefix root-relative URLs with the proxy path; return other URLs unchanged.
     function SybEPSSRewrite (href) {
        if (href.charAt (0) == '/')
           return "/security/proxy/Sybase/0" + href;
        return href;
     }
</SCRIPT>

where Sybase/0 is dynamically calculated for each page, depending on the origin of the page.

In this sample, the script assumes that all embedded URLs reference resources in the same index (/0). The SWP scans the page as it is proxied to the client and locates this pattern:

...
document.location
...

When the pattern is found, the SWP inserts calls within the client-side script to call the SybEPSSRewrite function, which dynamically rewrites URLs on the client side. The pattern is replaced with:

document.location = SybEPSSRewrite (webpage);

The result is:

<SCRIPT language="JavaScript">
     var webpage = "/absolute_url/";
     document.location = SybEPSSRewrite (webpage);
</SCRIPT>

For each page, you must determine the exact text of the script that blocks the client-side JavaScript.

An SWP allows you to create patterns and pattern classes and store them in the SWP properties file. When script rewriting is enabled, an SWP scans client requests for patterns that match patterns defined in the properties file, and rewrites the script as necessary. See Table 14-1. Again, script rewriting is CPU-intensive. However, you can enable the script-rewriting filter at the application level, so not all applications are forced to use it.
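
The rewriting step described above can be modelled in a few lines. This is an added example, not SWP code or its properties-file format; rewriteScript, PROXY_PREFIX and the targets list are hypothetical names. It shows that an assignment whose text differs from the configured pattern is left unwrapped until a pattern for it is defined:

```javascript
// Added example: a small model of the rewriting step, not SWP code.
// PROXY_PREFIX, rewriteScript and the targets list are hypothetical names.
const PROXY_PREFIX = "/security/proxy/Sybase/0"; // prefix from the page's sample

// Helper injected into each page: root-relative paths go back through the proxy.
function SybEPSSRewrite(href) {
  if (href.charAt(0) === "/") return PROXY_PREFIX + href;
  return href;
}

function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Wrap the right-hand side of `<target> = <expr>;` in SybEPSSRewrite (...).
// Returns the rewritten script and the number of assignments wrapped.
function rewriteScript(script, targets = ["document.location"]) {
  let count = 0;
  let out = script;
  for (const t of targets) {
    const re = new RegExp(
      "(^|[^\\w$])(" + escapeRegExp(t) + ")\\s*=(?!=)\\s*([^;\\n]+);", "g");
    out = out.replace(re, (m, pre, target, expr) => {
      if (expr.trim().startsWith("SybEPSSRewrite")) return m; // already wrapped
      count++;
      return `${pre}${target} = SybEPSSRewrite (${expr.trim()});`;
    });
  }
  return { script: out, count };
}

// Constructed sample: the first assignment matches the page's pattern,
// the second is written differently and needs its own pattern.
const SAMPLE = [
  'var webpage = "/absolute_url/";',
  "document.location = webpage;",
  "window.location.href = webpage;",
].join("\n");

const once = rewriteScript(SAMPLE);
console.log(once.script);
console.log("wrapped:", once.count);
```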