JV_IT
New Contributor

FortiWeb URL rewriting

Dear colleagues,

 

I need help with URL rewriting (fw 8.0.3 if it's important).

 

We have a "bad-coded" local site (let it be site.domain.local; the suffix is .local, which is important). A lot of pages of this site contain hardcoded absolute URLs for file download (e.g. https://site.domain.local/storage/filename).

Also, the site has a built-in user authentication form. When a user opens the https://site.domain.local/ page, the site engine checks that the user isn't authenticated, calculates a special hash and sends a 302 redirect message with a Location: https://site.domain.local/loginform?hash=XXXX header.

 

Now we need to publish this site to the internet via FortiWeb. We use the public name site.company.com for publishing.

 

I created an HTTP content routing policy for site.company.com -> site.domain.local. I also created a web protection profile with a URL rewriting policy. The policy contains 3 rules:
1. Rewrite request Host header site.domain.com -> site.domain.local (action Stop)
2. Rewrite response Location header site.domain.local -> site.domain.com (action Continue)
3. Rewrite response HTTP body - any site.domain.local -> site.domain.com (action Stop)

The problem is that the policy works only when rules 1 & 2 are active. When I add rule 3, the policy stops working even for the login page, which is about 1062 bytes long (the Location header stays wrong)!

I suppose it is because of:

For a Response rewrite rule and the action is “Rewrite HTTP Body”, ensure there is a “Content-Type” header in the response from the backend server, and the Content-Type (also called Internet or MIME file types) must be supported by FortiWeb.

 

The first page with the 302 redirect message doesn't contain any HTTP body, so there is no Content-Type header. And without the first page (where the hash is calculated) we can't log in. I tried different action combinations for the policy rewrite rules (e.g. stop after the Location header rewrite), but it doesn't help.

 

Am I right? Any suggestions? Looking forward to your help!
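
A defender-side check related to the question above, as an added example that is not part of the original post and not Fortinet tooling: it audits raw backend responses for the internal host name in the Location header and body, and flags responses that carry no Content-Type header. The function names and the two sample responses are constructed for illustration from the behaviour described in the post.

```python
# Added example: audit raw backend responses for internal-host leaks.
INTERNAL_HOST = "site.domain.local"  # internal name used in the post

def audit_response(raw, internal_host=INTERNAL_HOST):
    """Parse one raw HTTP response and report where the internal name appears."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    headers = {}
    for line in header_block.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {
        "status": int(status_line.split()[1]),
        "content_type": headers.get("content-type"),  # None when absent
        "location_leak": internal_host in headers.get("location", ""),
        "body_leaks": body.count(internal_host),
    }

def findings(report):
    """Turn a report into the checks that matter for the three rewrite rules."""
    out = []
    if report["location_leak"]:
        out.append("Location header exposes internal host (header rewrite rule needed)")
    if report["body_leaks"]:
        out.append(f"body exposes internal host {report['body_leaks']}x (body rewrite rule needed)")
    if report["content_type"] is None:
        out.append("no Content-Type header (the quoted note requires one for body rewriting)")
    return out

# Constructed samples modelled on the two responses described in the post.
REDIRECT = (
    "HTTP/1.1 302 Found\r\n"
    "Location: https://site.domain.local/loginform?hash=XXXX\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)
PAGE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "\r\n"
    '<a href="https://site.domain.local/storage/filename">download</a>'
)

if __name__ == "__main__":
    for name, raw in (("redirect", REDIRECT), ("page", PAGE)):
        print(name, audit_response(raw), findings(audit_response(raw)))
```

Running the same audit on responses captured on the public side of the proxy shows whether any internal name still reaches clients after the rewrite rules are applied.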

 

 

1 REPLY 1
Jean-Philippe_P
Community Manager

Hello JV_IT, 

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

Regards,
Jean-Philippe - Fortinet Community Team