Creating a Selective Rewriting Resource Policy

Selective rewriting resource policies enable you to define a list of hosts for which you want to intermediate content, as well as exceptions to this list. By default, the system intermediates all user requests to Web hosts unless you have configured the system to serve requests to certain hosts using a different mechanism, such as the Secure Application Manager.

Create a selective rewriting policy if you do not want the system to intermediate traffic from web sites that reside outside of the corporate network, such as yahoo.com, or if you do not want the system to intermediate traffic for client/server applications you have deployed as Web resources, such as Microsoft OWA (Outlook Web Access).

To write a selective rewriting resource policy:

1. In the admin console, choose Users > Resource Policies > Web.

2. If your administrator view is not already configured to show rewriting policies, make the following modifications:

  1. Click the Customize button in the upper right corner of the page.
  2. Select the Rewriting check box.
  3. Select the Selective Rewriting check box below the Rewriting check box.
  4. Click OK.

3. Select the Rewriting > Selective Rewriting tab.

4. On the Web Rewriting Policies page, click New Policy.

5. Enter a name to label this policy (required) and a description of the policy (optional).

6. In the Resources section, specify the resources to which this policy applies.

7. In the Roles section, specify:

Policy applies to ALL roles - To apply this policy to all users.

Policy applies to SELECTED roles - To apply this policy only to users who are mapped to roles in the Selected roles list. Make sure to add roles to this list from the Available roles list.

Policy applies to all roles OTHER THAN those selected below - To apply this policy to all users except for those who map to the roles in the Selected roles list. Make sure to add roles to this list from the Available roles list.

8. In the Action section, specify:

Rewrite content - The system intermediates all Web content from the resources specified in the Resources list.

Rewrite content as - The system intermediates all Web content from the resources specified in the Resources list and rewrites the content as if it were the file type specified in the drop-down list. The available options are:

HTML - Rewrite content as Hypertext Markup Language (HTML)

XML - Rewrite content as Extensible Markup Language (XML)

Javascript - Rewrite content as JavaScript

VBScript - Rewrite content as Visual Basic scripting language

CSS - Rewrite content as Cascading Style Sheets

XSLT - Rewrite content as XML Style Sheets

Flash - Rewrite content as Shockwave Flash

DTD - Rewrite content as Document Type Definitions (DTD)

HTC - Rewrite content as HTML component

The following table summarizes the content types that are rewritten for IPv4 and IPv6.

Contents Rewritten for IPv4 and IPv6

| Content Type | IPv6 Supported | Source Class |
|---|---|---|
| HTML | Yes | DSContentHtmlRewriter/DSContentHTMLHelpHHCRewriter |
| JavaScript | Yes | DSContentScriptRewriter/DSContentScriptRewriter |
| CSS | Yes | DSContentCssRewriter |
| XML | | DSContentXMLRewriter |
| MSP | | DSContentMSPRewriter |
| Flash | | DSContentSWFRewriter |
| DTD | | DSContentDTDRewriter |
| Siebel | | DSContentSiebelRewriter |
| PDF | | DSContentPDFRewriter |
| XSL | Yes | DSContentXSLPartialRewriter |
| Manifest | | DSContentManifestRewriter |
| Java | | DSContentJavaRewriter |

Don't rewrite content: Redirect to target Web server - The system does not intermediate Web content from the resources specified in the Resources list and automatically redirects the request to the target Web server. This is the default option for all rewrite resource policies that you create. If you select this option, you might want to specify that the system open the unrewritten pages in a new window.

Do not select this option if the specified content needs to access resources inside your corporate network. For instance, if you specify that the system should not rewrite a particular file, and that file calls another file within your network, the user will see an error.

Don't rewrite content: Do not redirect to target Web server - The system retrieves the content from the original Web server, but does not modify it. This is useful in cases where users may not be able to reach the original server, thus disabling redirection. (For example, if the Web server is not accessible from the public internet because it resides behind a firewall.)

The Don't rewrite content: Do not redirect to target Web server option allows users to download data from network resources via the system, but bypasses the rewriting engine in the process. We recommend you use this feature only when rewriting signed Java applets, not other content types. For other content types such as HTML and JavaScript, use the Don't rewrite content: Redirect to target Web server option to download an applet via the system, thus enabling direct connections to network resources.

Optimize as long lived resource (no rewrite) - Some long-lived HTTP(S) resources are known to cause high CPU usage. Examples of such resources are:

Outlook Web Access PendingNotificationRequest, identified by the pattern

":/ns=PendingRequest&ev=PendingNotificationRequest"

VMware Horizon View HTML5 heartbeat request, identified by the pattern

":/system/wts,system/heartbeat"

Enabling this option reduces the resources these requests consume. This option does not work if the optimized resource:

Is a Kerberos-protected resource

Has a Web proxy policy configured

Is accessed through the HTTP POST method and SSO is configured

9. Click Save Changes.

On the Web Rewriting Policies page, order the policies according to how you want to evaluate them. Keep in mind that once the system matches the resource requested by the user to a resource in a policy's (or a detailed rule's) Resource list, it performs the specified action and stops processing policies.
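The first-match ordering described above can be checked offline before you reorder policies. The following is an added example, not code from the product or its documentation: it models an ordered policy list and reports policies that can never take effect because an earlier policy already matches their resources. The policy names, the host-glob resource syntax and the action labels are assumptions made for this sketch.

```python
from fnmatch import fnmatchcase

# Constructed policies, listed in evaluation order (top of the page first).
# Assumptions: resources are simplified host globs and the action labels are
# shorthand for the Action options above; neither is the product's own syntax.
POLICIES = [
    ("rewrite-intranet", ["*.corp.example"], "rewrite"),
    ("owa-passthrough", ["owa.corp.example"], "no-rewrite-redirect"),
    ("external-sites", ["*.yahoo.com"], "no-rewrite-redirect"),
    ("catch-all", ["*"], "rewrite"),
]

def evaluate(policies, host):
    """First match wins: return (policy name, action) and stop processing."""
    host = host.lower()
    for name, resources, action in policies:
        if any(fnmatchcase(host, pat.lower()) for pat in resources):
            return name, action
    # No policy matched: the page says requests are intermediated by default.
    return None, "rewrite"

def probe_hosts(pattern):
    """Concrete hostnames matched by a glob, built by filling in each '*'."""
    return {pattern.replace("*", fill) for fill in ("x", "a.b")}

def shadowed(policies):
    """Policies that never win first-match for any host built from their own
    resource patterns, i.e. an earlier policy always answers for them."""
    result = []
    for name, resources, _action in policies:
        hosts = set().union(*(probe_hosts(p) for p in resources))
        if not any(evaluate(policies, h)[0] == name for h in hosts):
            result.append(name)
    return result

def move_first(policies, name):
    """Return a copy of the list with the named policy evaluated first."""
    chosen = [p for p in policies if p[0] == name]
    return chosen + [p for p in policies if p[0] != name]

if __name__ == "__main__":
    print(evaluate(POLICIES, "owa.corp.example"))
    print(shadowed(POLICIES))
    fixed = move_first(POLICIES, "owa-passthrough")
    print(evaluate(fixed, "owa.corp.example"))
    print(shadowed(fixed))
```

The probe-based check is a heuristic: it only tests hostnames derived from each policy's own patterns, so a policy it does not flag can still be partly overridden by an earlier one.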