Content Rewrite Profile

Associating a content rewrite profile with an HTTP(s) virtual service enables modification of HTML content within the body of a server response.

Notes:
1. As of Avi Vantage release 17.1.1, a content rewrite policy can be created and attached to a virtual service via the Avi CLI or API.
2. Client request rewriting will be supported in a future release.

A content rewrite profile specifies one or more strings to be searched for within the body of the server response. The profile neither modifies client requests nor server headers. Headers may be modified using other features such as DataScripts or policies. For information about rewriting response headers, read this article.

About Searching

  • Content rewriting can be computationally expensive. Therefore, it is recommended to limit the search-replace to specific content types that should be modified. The rewritable_content_ref argument is used to specify a string group, which contains a list of eligible content types. By default, Avi Vantage configurations include the System-Rewritable-Content-Types string group, a list containing common text-based HTML MIME types such as text/html, text/plain, etc. This ensures that base64-encoded content, such as images, are not inspected when performing search-replace operations.
  • Search is conducted throughout the entire body of the eligible server response, with no length limit.
  • If a search string is found in multiple locations within a single HTTP response body, it will be replaced in all those locations.
  • Multiple search-replace pairs can be specified in a single content rewrite profile; all are actively and independently be applied. The content replacement is not recursive. For example, consider a profile having a search-replace of “a” with “b”, and a second search-replace of “b” with “c”. Only pre-existing instances of “b” in the server response will be replaced with “c.” Instances of “a” that are replaced with “b” are not recursively checked and replaced with “c.” Thus, with both pairs applied, a server response body of “abca” would be rewritten to “bccb.”
  • Searches are not case sensitive.

Replacement String Types

The found strings may be replaced with new strings via one of three methods used to specify the new string.

  1. Literal strings are basic text strings to be used for replacing data found in response bodies.
  2. Strings within identified HTTP headers can be incorporated into replacement strings. Just specify the header name, and its current value will be used as the replacement string. If the header does not exist, the search string will be replaced with null data, effectively turning off that part of searching. When using HTTP Header, set the Type to HTTP_HEADER_VAR, and then input the name of the header to use.
  3. DataScript can be used to generate a replacement string. Create and attach a new DataScript to the virtual service. It must use the avi.http.set_reqvar() function to specify the new value. For example, a call to avi.http.set_reqvar(“key1”, “value1”) creates a variable named key1 and sets it to value1. In the content rewrite profile, set the type to DATASCRIPT_VAR and the variable to key1. With each HTTP request, the DataScript can uniquely set the DataScript variable to key1 and assign it a new value (e.g., value1, value2, and so on), based on the script logic. If no DataScript has been assigned to the virtual service, if the variable is set to a different name, or no variable has been set, the content rewrite profile will replace the searched string with null data, effectively removing the searched string from the response.

CLI Interface

In the below terminal dialog, notice these operative fields within the VirtualService object named VS3:

  • content_rewrite.rewritable_content_ref
  • content_rewrite.request_rewrite_enabled
  • content_rewrite.response_rewrite_enabled
  • content_rewrite.rsp_match_replace_pair.match_string
  • content_rewrite.rsp_match_replace_pair.replacement_string.type
  • content_rewrite.rsp_match_replace_pair.replacement_string.val

We have inserted [TAB][TAB] in the below terminal dialog to indicate the user’s typing of 2 tabs, causing the Avi shell to reveal command-line syntax.


[admin:10-160-0-3]: > configure virtualservice VS3
Updating an existing object. Currently, the object is:
+----------------------------------+-----------------------------------------------------+
| Field                            | Value                                               |
+----------------------------------+-----------------------------------------------------+
| uuid                             | virtualservice-d49aff8a-2846-457b-98c7-657c18675b0e |
| name                             | VS3                                                 |
| enabled                          | True                                                |
| services[1]                      |                                                     |
|   port                           | 80                                                  |
|   enable_ssl                     | False                                               |
|   port_range_end                 | 80                                                  |
| application_profile_ref          | System-HTTP                                         |
| network_profile_ref              | System-TCP-Proxy                                    |
| pool_ref                         | VS3-pool                                            |
| se_group_ref                     | Default-Group                                       |
| network_security_policy_ref      | vs-VS3-Default-Cloud-ns                             |
| analytics_policy                 |                                                     |
|   full_client_logs               |                                                     |
|     enabled                      | True                                                |
|     duration                     | 30 min                                              |
|     all_headers                  | False                                               |
|   client_insights                | ACTIVE                                              |
|   metrics_realtime_update        |                                                     |
|     enabled                      | True                                                |
|     duration                     | 30 min                                              |
| vrf_context_ref                  | global                                              |
| enable_autogw                    | True                                                |
| analytics_profile_ref            | System-Analytics-Profile                            |
| weight                           | 1                                                   |
| delay_fairness                   | False                                               |
| max_cps_per_client               | 0                                                   |
| limit_doser                      | False                                               |
| type                             | VS_TYPE_NORMAL                                      |
| cloud_type                       | CLOUD_NONE                                          |
| use_bridge_ip_as_vip             | False                                               |
| flow_dist                        | LOAD_AWARE                                          |
| ign_pool_net_reach               | False                                               |
| ssl_sess_cache_avg_size          | 1024                                                |
| remove_listening_port_on_vs_down | False                                               |
| tenant_ref                       | admin                                               |
| cloud_ref                        | Default-Cloud                                       |
| east_west_placement              | False                                               |
| scaleout_ecmp                    | False                                               |
| active_standby_se_tag            | ACTIVE_STANDBY_SE_1                                 |
| flow_label_type                  | NO_LABEL                                            |
| content_rewrite                  |                                                     |
|   rewritable_content_ref         | System-Rewritable-Content-Types                     |
|   request_rewrite_enabled        | False                                               |
|   response_rewrite_enabled       | False                                               |
| sideband_profile                 |                                                     |
|   sideband_max_request_body_size | 1024 bytes                                          |
| vip[1]                           |                                                     |
|   vip_id                         | 1                                                   |
|   ip_address                     | 10.160.33.200                                       |
|   enabled                        | True                                                |
|   auto_allocate_ip               | False                                               |
|   auto_allocate_floating_ip      | False                                               |
|   avi_allocated_vip              | False                                               |
|   avi_allocated_fip              | False                                               |
| vsvip_ref                        | vsvip-VS3-Default-Cloud                             |
+----------------------------------+-----------------------------------------------------+
[admin:10-160-0-3]: virtualservice> content_rewrite
[admin:10-160-0-3]: virtualservice:content_rewrite> where
Tenant: admin
+--------------------------+---------------------------------+
| Field                    | Value                           |
+--------------------------+---------------------------------+
| rewritable_content_ref   | System-Rewritable-Content-Types |
| request_rewrite_enabled  | False                           |
| response_rewrite_enabled | False                           |
+--------------------------+---------------------------------+
[admin:10-160-0-3]: virtualservice:content_rewrite> response_rewrite_enabled [TAB][TAB]
request_rewrite_enabled   Enable rewrite on request body.
rewritable_content_ref    Rewrite only content types listed in this string group. Content types not present in this list are not rewritten.
[admin:10-160-0-3]: virtualservice:content_rewrite> response_rewrite_enabled
Overwriting the previously entered value for response_rewrite_enabled
[admin:10-160-0-3]: virtualservice:content_rewrite> where
Tenant: admin
+--------------------------+---------------------------------+
| Field                    | Value                           |
+--------------------------+---------------------------------+
| rewritable_content_ref   | System-Rewritable-Content-Types |
| request_rewrite_enabled  | False                           |
| response_rewrite_enabled | True                            |
+--------------------------+---------------------------------+
[admin:10-160-0-3]: virtualservice:content_rewrite> rsp_match_replace_pair
New object being created
[admin:10-160-0-3]: virtualservice:content_rewrite:rsp_match_replace_pair> where
Tenant: admin
No result.

[admin:10-160-0-3]: virtualservice:content_rewrite:rsp_match_replace_pair> match_string ABC
[admin:10-160-0-3]: virtualservice:content_rewrite:rsp_match_replace_pair> replacement_string
[admin:10-160-0-3]: virtualservice:content_rewrite:rsp_match_replace_pair:replacement_string> type [TAB][TAB]
datascript_var    The variable exposed in datascript to be used as the replacement string in content rewrite.
http_header_var   The HTTP header to be used as the replacement string in content rewrite.
literal_string    The literal string to be used as the replacement string in content rewrite.
[admin:10-160-0-3]: virtualservice:content_rewrite:rsp_match_replace_pair:replacement_string> type literal_string
[admin:10-160-0-3]: virtualservice:content_rewrite:rsp_match_replace_pair:replacement_string> val XYZ
[admin:10-160-0-3]: virtualservice:content_rewrite:rsp_match_replace_pair:replacement_string> save
[admin:10-160-0-3]: virtualservice:content_rewrite:rsp_match_replace_pair> where
Tenant: admin
+--------------------+----------------+
| Field              | Value          |
+--------------------+----------------+
| match_string       | ABC            |
| replacement_string |                |
|   type             | LITERAL_STRING |
|   val              | XYZ            |
+--------------------+----------------+
[admin:10-160-0-3]: virtualservice:content_rewrite:rsp_match_replace_pair> save
[admin:10-160-0-3]: virtualservice:content_rewrite> save
[admin:10-160-0-3]: virtualservice> save
+----------------------------------+-----------------------------------------------------+
| Field                            | Value                                               |
+----------------------------------+-----------------------------------------------------+
| uuid                             | virtualservice-d49aff8a-2846-457b-98c7-657c18675b0e |
| name                             | VS3                                                 |
| enabled                          | True                                                |
| services[1]                      |                                                     |
|   port                           | 80                                                  |
|   enable_ssl                     | False                                               |
|   port_range_end                 | 80                                                  |
| application_profile_ref          | System-HTTP                                         |
| network_profile_ref              | System-TCP-Proxy                                    |
| pool_ref                         | VS3-pool                                            |
| se_group_ref                     | Default-Group                                       |
| network_security_policy_ref      | vs-VS3-Default-Cloud-ns                             |
| analytics_policy                 |                                                     |
|   full_client_logs               |                                                     |
|     enabled                      | True                                                |
|     duration                     | 30 min                                              |
|     all_headers                  | False                                               |
|   client_insights                | ACTIVE                                              |
|   metrics_realtime_update        |                                                     |
|     enabled                      | True                                                |
|     duration                     | 30 min                                              |
| vrf_context_ref                  | global                                              |
| enable_autogw                    | True                                                |
| analytics_profile_ref            | System-Analytics-Profile                            |
| weight                           | 1                                                   |
| delay_fairness                   | False                                               |
| max_cps_per_client               | 0                                                   |
| limit_doser                      | False                                               |
| type                             | VS_TYPE_NORMAL                                      |
| cloud_type                       | CLOUD_NONE                                          |
| use_bridge_ip_as_vip             | False                                               |
| flow_dist                        | LOAD_AWARE                                          |
| ign_pool_net_reach               | False                                               |
| ssl_sess_cache_avg_size          | 1024                                                |
| remove_listening_port_on_vs_down | False                                               |
| tenant_ref                       | admin                                               |
| cloud_ref                        | Default-Cloud                                       |
| east_west_placement              | False                                               |
| scaleout_ecmp                    | False                                               |
| active_standby_se_tag            | ACTIVE_STANDBY_SE_1                                 |
| flow_label_type                  | NO_LABEL                                            |
| content_rewrite                  |                                                     |
|   rewritable_content_ref         | System-Rewritable-Content-Types                     |
|   request_rewrite_enabled        | False                                               |
|   response_rewrite_enabled       | True                                                |
|   rsp_match_replace_pair[1]      |                                                     |
|     match_string                 | ABC                                                 |
|     replacement_string           |                                                     |
|       type                       | LITERAL_STRING                                      |
|       val                        | XYZ                                                 |
| sideband_profile                 |                                                     |
|   sideband_max_request_body_size | 1024 bytes                                          |
| vip[1]                           |                                                     |
|   vip_id                         | 1                                                   |
|   ip_address                     | 10.160.33.200                                       |
|   enabled                        | True                                                |
|   auto_allocate_ip               | False                                               |
|   auto_allocate_floating_ip      | False                                               |
|   avi_allocated_vip              | False                                               |
|   avi_allocated_fip              | False                                               |
| vsvip_ref                        | vsvip-VS3-Default-Cloud                             |
+----------------------------------+-----------------------------------------------------+

Suggested Reading