Systems and methods for configuration driven rewrite of SSL VPN clientless sessions
Abstract
The present disclosure provides solutions for an enterprise providing services to a variety of clients to enable the client to use the resources provided by the enterprise by modifying URLs received and the URLs from the responses from the servers to the client's requests before forwarding the requests and the responses to the intended destinations. An intermediary may identify an access profile for a client's request to access a server via a clientless SSL VPN session. The intermediary may detect one or more URLs in content served by the server in response to the request using one or more regular expressions of the access profile. The intermediary may rewrite or modify, responsive to detecting, the one or more detected URLs in accordance with a URL transformation specified by one or more rewrite policies of the access profile. The response with modified URLs may be forwarded to the client.
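An added sketch of the flow the abstract describes (not code from the patent or from any product): a hypothetical access profile holds per-content-type regex pattern sets and one rewrite policy, and the rewriter also reports internal URLs that no pattern matched, since those would reach the client unrewritten. The gateway origin, host names, `/cvpn/` path layout and every identifier below are assumptions.

```python
import re
from urllib.parse import urlsplit

GATEWAY = "https://vpn.example.test"  # assumed gateway origin (constructed)

# Hypothetical access profile: a selection rule, a rewrite policy input
# (internal hosts) and one pattern set per content type.
PROFILE = {
    "rule": lambda req: req["path"].startswith("/cvpn/"),
    "internal_hosts": {"intranet.corp.example"},
    "pattern_sets": {
        "text/html": [re.compile(r'(?:href|src|action)\s*=\s*"(?P<url>https?://[^"]+)"', re.I)],
        "text/css": [re.compile(r'url\(\s*[\'"]?(?P<url>https?://[^\'")\s]+)', re.I)],
    },
}

# Constructed sample response body: one covered link, one public link,
# and one internal URL in an attribute the HTML pattern set does not cover.
SAMPLE_HTML = (
    '<a href="https://intranet.corp.example/hr/pay.html">Pay</a>\n'
    '<img src="https://cdn.public.example/logo.png">\n'
    '<div data-target="https://intranet.corp.example/api/v1">x</div>\n'
)

def rewrite_url(url, profile):
    """Rewrite policy: send internal URLs through the gateway, keep others."""
    parts = urlsplit(url)
    if parts.hostname not in profile["internal_hosts"]:
        return url
    return f"{GATEWAY}/cvpn/{parts.scheme}/{url.split('://', 1)[1]}"

def rewrite_response(request, content_type, body, profile=PROFILE):
    """Return (rewritten_body, leftovers); leftovers are unmatched internal URLs."""
    if not profile["rule"](request):  # profile does not apply to this request
        return body, []

    def sub(m):
        whole, url = m.group(0), m.group("url")
        off = m.start("url") - m.start()
        return whole[:off] + rewrite_url(url, profile) + whole[off + len(url):]

    for pattern in profile["pattern_sets"].get(content_type, []):
        body = pattern.sub(sub, body)
    # Coverage check: internal host names not already behind the gateway prefix.
    hosts = "|".join(re.escape(h) for h in profile["internal_hosts"])
    leftovers = re.findall(
        rf'(?<!/cvpn/http/)(?<!/cvpn/https/)(?:{hosts})[^\s"\'<)]*', body)
    return body, leftovers
```

A non-empty `leftovers` list means the pattern set for that content type misses a place where internal URLs appear, so the client would receive an internal host name it cannot reach through the session.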
20 Claims
1. A method for rewriting by an intermediary content transmitted between a client and a server, the method comprising:
- a) identifying, by a device intermediary to a client and a server, responsive to determining that a type of session established between the client and the server is a clientless secured session, an access profile for a request from the client to access content from the server based on applying a rule to content of the request, the access profile for clientless secured sessions, the access profile including a rewrite policy for rewriting uniform resource locators (URLs) and a plurality of pattern sets comprising regular expressions for finding the URLs to rewrite in different types of content transmitted by the server to the client via the clientless secure session;
- b) finding, by the device, in response to the access profile identified responsive to determining that the type of session established is the clientless secured session, a URL in content of a response of the server to the request by matching a regular expression of one of the plurality of pattern sets to a portion of the content;
- c) rewriting, by the device, in accordance with the rewrite policy the URL found in the content; and
- d) transmitting, by the device to the client, via the clientless secured session the response comprising the rewritten URL.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A system for rewriting by an intermediary content transmitted between a client and a server, the system comprising:
- a device intermediary to a client and a server, the device having one or more processors;
- an access profile configured on the device, the access profile including a rewrite policy for rewriting uniform resource locators (URLs) and a plurality of pattern sets comprising regular expressions for finding the URLs to rewrite in different types of content transmitted by the server to the client, wherein the device is configured to identify, responsive to a determination that a type of session established between the client and the server is a clientless secured session, the access profile for clientless secured sessions, the access profile for a request from the client to access content from the server via the clientless secured session based on applying a rule to content of the request;
- wherein the device is configured to find, in response to the access profile identified responsive to the determination that the type of session established is the clientless secured session, a URL in content of a response of the server to the request by matching a regular expression of one of the plurality of pattern sets to a portion of the content, rewrite the URL found in the content in accordance with the rewrite policy and transmit to the client the response comprising the rewritten URL via the clientless secured session.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
Specification