# # # URL Remapping Config File # # Format is: # ://:/ ://:/ fromURL toURL # this last directive is optional and can be different for different types of # are optional ACL-like argumens unique for each remap rule # # Five different types of mappings are possible -- 'map', 'map_with_referer', # 'reverse_map', 'redirect', and 'redirect_temporary'. Each of these map types # can be prefixed with the string 'regex_' to indicate that the rule will have # regular expression strings. See the last part of this description for more # information on regex support. # # The 'map' mapping is the most straightforward. Requests that match the # from URL are changed into the to URL. The user agent will see the new # page but will not be notified of the address change. # The 'map_with_referer' is an extended version of 'map', which can be used # to activate the so-called "deep linking protection" feature avaialble in # Traffic Server. # The 'reverse_map' mapping is used to rewrite location headers sent by # the origin server. The 'redirect' mapping creates a permanent redirect # message and informs the browser of the URL change. # The 'redirect_temporary' mapping acts in the same way but tells the browser # that this redirect is only temporary. We need to map the URL in reverse # proxy mode so that user agents know to contact Traffic Server and not # attempt to contact the Origin Server directly. # # For example, you can set up a reverse proxy for www.example.com with the # real content situated at server1.example.com with the rules: # # map http://www.example.com/ http://server1.example.com/ # reverse_map http://server1.example.com/ http://www.example.com/ # # Or you could permanently redirect users trying to access www.oldserver.com # to www.newserver.com with the following rule: # # redirect http://www.oldserver.com/ http://www.newserver.com # # If the redirect is only temporary, you want to only temporarily remap the # URL. You could use the following rule to divert users away from a failed # server: # # redirect_temporary http://broken.firm.com http://working.firm.com # NOTE: the "" directive is completely OPTIONAL and specifies # a unique identifier for the remap rule. This is needed for MIXT, since # we may want to select a remap rule that is not necessarily the first # one that matches. # # In order to use "deep linking protection" Traffic Server's feature, the 'map_with_referer' # mapping scheme must be used. # In general, the format of 'map_with_referer' is the following: # # map_with_referer fromURL toURL redirectURL refererRegExp1 [refererRegExp2 ... refererRegExp2] # # Where fromURL and toURL must be specified in the same manner as in a regular 'map'. # redirectURL is a redirection URL specifed according to RFC 2616 and can contain # special formatting instructions for run-time modifications of the resulting redirection URL. # refererRegExp is a POSIX regular expression, which describes the content of the "Referer" header # which must be verified. In case an actual request does not have "Referer" header or # it does not match with referer regular expression, the HTTP request will be redirected to # redirectURL. # At least one refererRegExp must be specified in order to activate 'deep linking protection'. # There are limitations for the number of referer regular expression strings - 2048. # In order to enable the 'deep linking protection' feature in Traffic Server # 'CONFIG proxy.config.http.referer_filter INT 1' configuration record must be specified in # the records.config file. Without this configuration record, the 'map_with_referer' entry will be # treated as a regular 'map' without "Referer" header validation. # In order to enable run-time formatting for redirectURL # 'CONFIG proxy.config.http.referer_format_redirect INT 1' must be specified in the records.config file. # Without this configuration record redirectURL will be used 'as is' without modifications. # However, if run-time formatting for redirectURL was enabled the following format symbols can be used: # %r - to substitute original "Referer" header string from client's request. # %f - to substitute fromURL from 'map_with_referer' record # %t - to substitute toURL from 'map_with_referer' record # %o - to substiture request URL to origin server, which was created as the result of a mapping operation # # Note: There is a special referer type "~*" that can be used in order to specify that the Referer header is optional in the request. # If "~*" referer was used in map_with_referer mapping, only requests with Referer header will be verified for validity. # If the "~" symbol was specified before referer regular expression, it means that the request with a matching referer header # will be redirected to redirectURL. It can be used to create a so-called negative referer list. # If "*" was used as a referer regular expression - all referers are allowed. # Various combinations of "*" and "~" in a referer list can be used to create different filtering rules. # # For example, # map_with_referer http://y.foo.bar.com/x/yy/ http://foo.bar.com/x/yy/ http://games.bar.com/new_games .*\.bar\.com www.bar-friends.com # Rule: Referer header must be in the request, only ".*\.bar\.com" and "www.bar-friends.com" are allowed. # # map_with_referer http://y.foo.bar.com/x/yy/ http://foo.bar.com/x/yy/ http://games.bar.com/new_games * ~.*\.evil\.com # Rule: Referer header must be in the request but all referers are allowed except ".*\.evil\.com". # # map_with_referer http://y.foo.bar.com/x/yy/ http://foo.bar.com/x/yy/ http://games.bar.com/error ~* * ~.*\.evil\.com # Rule: Referer header is optional. However, if Referer header exists, only request from ".*\.evil\.com" will be redirected to redirectURL. # # There are optional filtering arguments that can be specified at the end of the mapping definition line: # # @action=allow|deny # @src_ip=IP-address # @method=HTTP method string (CONNECT|DELETE|GET|HEAD|ICP_QUERY|OPTIONS|POST|PURGE|PUT|TRACE|PUSH) # @plugin= # @pparam= # # There is no limitation for the number of filtering arguments. # # For example: # map http://foo.cow.com/ http://bar.cow.com @src_ip=10.72.118.51-10.72.118.62 @method=GET @method=DELETE @src_ip=192.168.0.1-192.168.0.254 @action=allow @method=PUT # # # .defflt disable_all @action=deny @src_ip=0.0.0.1-254.254.254.254 # .defflt disable_delete_purge @action=deny @method=delete @method=purge # .useflt disable_all # .useflt disable_delete_purge # # Regex support: Regular expressions can be specified in the rules with the # following limitations: # # 1) Only the host field can have regexes - the scheme, port and other fields cannot # (use yts_regex_remap plugin for path manipulation using regexes) # 2) The number of capturing sub-patterns is limited to 9; this means $0 through $9 can # be used as substitution place holders ($0 will be the entire input string) # 3) The number of substitutions in the expansion string is limited to 10 #