cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
890
Views
0
Helpful
4
Replies

ACE 4710 - Parameters Lost in URL

Rehan Khan
Level 1
Level 1

Hi Everyone,

I have configured SSL offloading and redirection on a 4710 appliance. Everything works fine. The issue I am facing is that some parameters in url are getting lost.

I have https://%h/%p configured as a redirect server which works fine as far as hostname and path is concerned. i.e. full hostname and path are preserved, but that there are some parameters after the full path in encrypted format which are getting lost. I think 307 redirect can resolve this issue but ACE does not support that.

Has anyone faced something similar? Any suggestions would be helpful.


Thanks.

Rehan

4 Replies 4

Jorge Bejarano
Level 4
Level 4

Rehan,

Could you paste the configuration which you are using for this?

Are you using a HTTP parameter for this?

Please upload the #show stats http.

Jorge

Cesar Roque
Level 4
Level 4

Hi Rehan,

Those parameters are part of the URL or are part of the HTTP headers?

---------------------
Cesar R
ANS Team

--------------------- Cesar R ANS Team

Rehan Khan
Level 1
Level 1

Hi,

See the snip of the config

parameter-map type ssl SSL-MAP

  session-cache timeout 600

parameter-map type http HTTP-MAP

  persistence-rebalance

rserver host E-SERVER01

  ip address X.X.X.Y

  inservice

rserver host E-SERVER02

  ip address X.X.X.Z

  inservice

rserver redirect E-SERVICE

  webhost-redirection https://%h/%p 302

  inservice

serverfarm host E-SERVERS

  rserver E-SERVER01 80

    inservice

  rserver E-SERVER02 80

    inservice

serverfarm redirect SF-RE-DIRECT

  rserver E-SERVICE

    inservice

class-map match-any E-WEB-HTTP

  2 match virtual-address X.X.X.15 tcp eq www

class-map match-any E-WEB-HTTPS

  3 match virtual-address X.X.X.15 tcp eq https

sticky ip-netmask 255.255.255.255 address source WEB-STICKY

  replicate sticky

  serverfarm E-SERVERS

policy-map type loadbalance first-match PM-E-WEB

  class class-default

    sticky-serverfarm WEB-STICKY

    insert-http ClientProtocol header-value "https"

policy-map type loadbalance first-match PM-REDIRECT

  class class-default

    serverfarm SF-RE-DIRECT

policy-map multi-match SLB-POLICY

  class E-WEB-HTTPS

    loadbalance vip inservice

    loadbalance policy PM-E-WEB

    loadbalance vip icmp-reply

    appl-parameter http advanced-options HTTP-MAP

    ssl-proxy server SSL-MAP

  class E-WEB-HTTP

    loadbalance vip inservice

    loadbalance policy PM-REDIRECT

    loadbalance vip icmp-reply

    appl-parameter http advanced-options HTTP-MAP

@Jorge: The device has many policies and has been running for a few years, therefore the show stats http command will not be of much help as we may see other traffic statistics/errors. If your looking for max parse len errors then thats not happening. The url length is not that long. Let me know if anything specific you want me to check.

@Cesar: I will check but as per the information I have there are some parameters after the complete path "/" which are hash value of an authentication request. Basically what is happening when the user goes to the page, user needs to enter credentials. Once the user clicks submit the page just reloads, instead of going to the requested url.

Thanks for your support,

Rehan

Hi Rehan,

You must be use action-list type modify command to achive the desired Result.

action-list type modify http Rewrite_Redirects

    ssl url rewrite location ".*"

policy-map type loadbalance first-match bsm-ssl-back

  class class-default

    serverfarm

    action Rewrite_Redirects

this should work if vip are accessible via https.

Review Cisco Networking for a $25 gift card