Hello community!
Finally with support’s help we found solution (for software versions specified in the first post and also for R81 after update).
Step 1.
We have to use regular expressions to help gateway to translate URLs encoded in JavaScript. These regular expressions should be configured in $CVPNDIR/conf/httpd.conf file after following:
#----------------------------------------------------------------
# HT Configurations - START
#----------------------------------------------------------------
CvpnHTAddStringForReplaceAndRunTranslation ‘https\x3a\x2f\x2fYYYY\x2dZZZZ.HHHH.HH’ ‘https://YYYY-ZZZZ.HHHH.HH'
…
Step 2.
Also in the same file we should check some options which relevant to translation, these options are:
CvpnTranslateRequestBody On
AllowEncodedSlashes On
Step 3.
Also we added our internal links to $CVPNDIR/conf/includes/Web_inside_location.conf file:
CvpnAcceptEncodingForUrl https://YYYY-ZZZZ.HHHH.HH
…
It seems MAB can’t do dynamic translations (from perspective of dynamic content such as JavaScript).
Additional step.
Specifically in our case we have multiple SAP hosts behind MAB portal and according to SAP logic client should be redirected between them a few times during navigation. This behavior creates an additional issue. Gateway appends X-Frame-Options header to each translated HTTP response with value SAMEORIGIN, which designed to prevent clickjacking attack, but in our situation it prevents normal working so we can disable this by commenting following line in $CVPNDIR/conf/includes/HT.virtualhost.conf file:
#Header always append X-Frame-Options SAMEORIGIN
Additional step on R81.
Also after update to R81 we need to disable Web Intelligence module (it seems some of our URLs were blocked by this module). This can be done through $CVPNDIR/conf/httpd.conf file by commenting following line:
#LoadModule wi_module $CVPNDIR/lib/libModWI.so (this also mentioned in Administration guide for R81 - ‘MAB Configuration and Settings’).
Maybe it will help someone with similar issues. Of course all of the described steps should be done ONLY with support and after clear debug.
Many thanks to support team!