cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

4524
Views
0
Helpful
7
Replies
lecarbajalp
Beginner

ACE 4700 redirect http to https

Hello,

I'm new on ACE technologies , I would like to know how to configure a redirection on the ACE from HTTP to HTTPS using specific URL

example http://test.domain.com to https://test.domain.com, the SSL certificates were installed on the servers.

Thank you.

7 REPLIES 7
ajayku2
Enthusiast

Hi Luis,

I have answered the similar question in past:

Check the following :

https://supportforums.cisco.com/thread/2156052

Ideally this is what which makes it to work:

rserver redirect Sharepoint_HTTPS_Redirect

  webhost-redirection https://%h%p 302

  inservice

serverfarm redirect SharePoint_HTTPS_SFarm

  rserver Sharepoint_HTTPS_Redirect

    inservice

policy-map type loadbalance first-match Sharepoint_HTTP

  class class-default

    serverfarm Sharepoint_HTTPS_Redirect

You can refer the give link that consist of complete configuration. If you have specific question please let me know.

regards,

Ajay Kumar

thanks it works on my ACE load balancer, but not I have a problem trying to redirect a url :

this is the scenario:

http://web.domain.com  to https://web.domain.com/test/login.aspx

In the same host of web.domain.com (1.1.1.1) reside others URL and we just only need to redirect web.domain.com to web.domain./test/login.aspx , the other urls should be chante from http to https only.

How can I configure that on the ACE?

I tried to use the the http header "web.domain.com" and url but it doesn't work. I'll appreciate your help.

thank you.

Hey Luis,

Could you upload the configuration related to the issue?

How are you testing this? Are you using the hostname in the browser or the IP address directly?

Did you clear the browser cache before doing the tests to make sure you are getting "faulty" results?

Have you tried to use a testing page to try to redirect from http to http to see if the redirection works?

Would it be possible to upload the certificates on the ACE to configure it to do SSL termination?

Could you check if it redirects from works or not?

http://web.domain.com ----> https://web.domain.com

Jorge

Hi Luis,

Try to match with "web\.domain\.com" that should help.

regards,

Ajay Kumar

Hello ,

This is the scenario:

-There are more than 1 url in the host 1.1.1.1 (virtual IP)

-If the URL match http://web.domain.com or https://web.domain.com should be redirect to https://web.domain.com/indentity/default.aspx

- the other url for example http://web.domain.com/test/login.asp should be redirect to https only

https://web.domain.com/test/login.aspx

-or th if the url is

https://web.domain.com/test/login.asp shouldn't be redirect to https

I'm using this configuration for the http redirection and the url

rserver redirect WEB-TO-HTTPS

webhost-redirection https://web.domain.comt/identity/default.aspx 301

inservice

serverfarm redirect WEB-TO-HTTPS-SF

rserver WEB-TO-HTTPS

   inservice

serverfarm redirect REDIRECT-SERVERFARM-HTTP-HTTPS

  rserver REDIRECT-TO-HTTPS

    inservice

rserver redirect REDIRECT-TO-HTTPS

  webhost-redirection https://%h%p 301

  inservice

serverfarm host HOST_TEST

predictor leastconns

probe TcpStandardProbe

rserver HOST_A 80

   inservice

rserver HOST_B 80

   inservice

class-map type http loadbalance match-all WEB-TO-HTTPS

2 match http header Host header-value “web.domain.com”

class-map match-all HOST_TEST_A

2 match virtual-address 1.1.1.1 tcp eq www

class-map match-all HOST_TEST_B

2 match virtual-address 1.1.1.1 tcp eq https

policy-map type loadbalance http first-match WEB-TO-HTTPS

  class WEB-TO-HTTPS

    serverfarm WEB-TO-HTTPS-SF

  class class-default

    serverfarm REDIRECT-SERVERFARM-HTTP-HTTPS

class HOST_TEST_A

    loadbalance vip inservice

    loadbalance policy WEB-TO-HTTPS

    loadbalance vip icmp-reply

  class HOST_TEST_B

    loadbalance vip inservice

    loadbalance policy WEB-TO-HTTPS

    loadbalance vip icmp-reply

    ssl-proxy server HOST_A

Luis,

Can you upload this output?

# show service-policy class-map HOST_TEST_A detail

# show service-policy class-map HOST_TEST_B detail

Additionally, you may try to match the url since it looks you are trying to terminate the traffic for:HOST_TEST_B.

Jorge.

This is the output for the HOST_A , I'm testing only that host know

Status     : ACTIVE

Description: -----------------------------------------

Interface: vlan 1 16 24

  service-policy: PM_multi_mtch

    class: HOST_A

     VIP Address:    Protocol:  Port:

     10.21.24.58     tcp        eq    80

      loadbalance:

        L7 loadbalance policy: WEB-TO-HTTPS

        Regex dnld status    : SUCCESSFUL

        VIP ICMP Reply       : ENABLED

        VIP State: INSERVICE

        VIP DWS state: DWS_DISABLED

        Persistence Rebalance: ENABLED

        curr conns       : 0         , hit count        : 47

        dropped conns    : 18

        client pkt count : 696       , client byte count: 85124

        server pkt count : 700       , server byte count: 325708

        conn-rate-limit      : 0         , drop-count : 0

        bandwidth-rate-limit : 0         , drop-count : 0

        L7 Loadbalance policy : WEB-TO-HTTPS

          class/match : WEB-TO-HTTPS

            LB action :

               primary serverfarm:WEB-TO-HTTPS-SF

                    state: UP

                backup serverfarm : -

            hit count        : 0

            dropped conns    : 0

            compression      : off

          class/match : class-default

            LB action :

               primary serverfarm: REDIRECT-SERVERFARM-HTTP-HTTPS

                    state: UP

                backup serverfarm : -

            hit count        : 0

            dropped conns    : 0

            compression      : off

      compression:

        bytes_in  : 0                          bytes_out : 0

        Compression ratio : 0.00%

                Gzip: 0               Deflate: 0

      compression errors:

        User-Agent  : 0               Accept-Encoding    : 0

        Content size: 0               Content type       : 0

        Not HTTP 1.1: 0               HTTP response error: 0

        Others      : 0

I would like to know if that scenario is possible on the ACE loadbalancer.