02-07-2013 05:00 PM
Hello,
I'm new on ACE technologies , I would like to know how to configure a redirection on the ACE from HTTP to HTTPS using specific URL
example http://test.domain.com to https://test.domain.com, the SSL certificates were installed on the servers.
Thank you.
02-08-2013 02:47 AM
Hi Luis,
I have answered the similar question in past:
Check the following :
https://supportforums.cisco.com/thread/2156052
Ideally this is what which makes it to work:
rserver redirect Sharepoint_HTTPS_Redirect
webhost-redirection https://%h%p 302
inservice
serverfarm redirect SharePoint_HTTPS_SFarm
rserver Sharepoint_HTTPS_Redirect
inservice
policy-map type loadbalance first-match Sharepoint_HTTP
class class-default
serverfarm Sharepoint_HTTPS_Redirect
You can refer the give link that consist of complete configuration. If you have specific question please let me know.
regards,
Ajay Kumar
02-13-2013 03:38 PM
thanks it works on my ACE load balancer, but not I have a problem trying to redirect a url :
this is the scenario:
http://web.domain.com to https://web.domain.com/test/login.aspx
In the same host of web.domain.com (1.1.1.1) reside others URL and we just only need to redirect web.domain.com to web.domain./test/login.aspx , the other urls should be chante from http to https only.
How can I configure that on the ACE?
I tried to use the the http header "web.domain.com" and url but it doesn't work. I'll appreciate your help.
thank you.
02-13-2013 03:55 PM
Hey Luis,
Could you upload the configuration related to the issue?
How are you testing this? Are you using the hostname in the browser or the IP address directly?
Did you clear the browser cache before doing the tests to make sure you are getting "faulty" results?
Have you tried to use a testing page to try to redirect from http to http to see if the redirection works?
Would it be possible to upload the certificates on the ACE to configure it to do SSL termination?
Could you check if it redirects from works or not?
http://web.domain.com ----> https://web.domain.com
Jorge
02-13-2013 11:31 PM
02-14-2013 08:16 AM
Hello ,
This is the scenario:
-There are more than 1 url in the host 1.1.1.1 (virtual IP)
-If the URL match http://web.domain.com or https://web.domain.com should be redirect to https://web.domain.com/indentity/default.aspx
- the other url for example http://web.domain.com/test/login.asp should be redirect to https only
https://web.domain.com/test/login.aspx
-or th if the url is
https://web.domain.com/test/login.asp shouldn't be redirect to https
I'm using this configuration for the http redirection and the url
rserver redirect WEB-TO-HTTPS
webhost-redirection https://web.domain.comt/identity/default.aspx 301
inservice
serverfarm redirect WEB-TO-HTTPS-SF
rserver WEB-TO-HTTPS
inservice
serverfarm redirect REDIRECT-SERVERFARM-HTTP-HTTPS
rserver REDIRECT-TO-HTTPS
inservice
rserver redirect REDIRECT-TO-HTTPS
webhost-redirection https://%h%p 301
inservice
serverfarm host HOST_TEST
predictor leastconns
probe TcpStandardProbe
rserver HOST_A 80
inservice
rserver HOST_B 80
inservice
class-map type http loadbalance match-all WEB-TO-HTTPS
2 match http header Host header-value “web.domain.com”
class-map match-all HOST_TEST_A
2 match virtual-address 1.1.1.1 tcp eq www
class-map match-all HOST_TEST_B
2 match virtual-address 1.1.1.1 tcp eq https
policy-map type loadbalance http first-match WEB-TO-HTTPS
class WEB-TO-HTTPS
serverfarm WEB-TO-HTTPS-SF
class class-default
serverfarm REDIRECT-SERVERFARM-HTTP-HTTPS
class HOST_TEST_A
loadbalance vip inservice
loadbalance policy WEB-TO-HTTPS
loadbalance vip icmp-reply
class HOST_TEST_B
loadbalance vip inservice
loadbalance policy WEB-TO-HTTPS
loadbalance vip icmp-reply
ssl-proxy server HOST_A
02-14-2013 09:39 AM
Luis,
Can you upload this output?
# show service-policy
# show service-policy
Additionally, you may try to match the url since it looks you are trying to terminate the traffic for:HOST_TEST_B.
Jorge.
02-14-2013 11:32 AM
This is the output for the HOST_A , I'm testing only that host know
Status : ACTIVE
Description: -----------------------------------------
Interface: vlan 1 16 24
service-policy: PM_multi_mtch
class: HOST_A
VIP Address: Protocol: Port:
10.21.24.58 tcp eq 80
loadbalance:
L7 loadbalance policy: WEB-TO-HTTPS
Regex dnld status : SUCCESSFUL
VIP ICMP Reply : ENABLED
VIP State: INSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: ENABLED
curr conns : 0 , hit count : 47
dropped conns : 18
client pkt count : 696 , client byte count: 85124
server pkt count : 700 , server byte count: 325708
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
L7 Loadbalance policy : WEB-TO-HTTPS
class/match : WEB-TO-HTTPS
LB action :
primary serverfarm:WEB-TO-HTTPS-SF
state: UP
backup serverfarm : -
hit count : 0
dropped conns : 0
compression : off
class/match : class-default
LB action :
primary serverfarm: REDIRECT-SERVERFARM-HTTP-HTTPS
state: UP
backup serverfarm : -
hit count : 0
dropped conns : 0
compression : off
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
I would like to know if that scenario is possible on the ACE loadbalancer.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide