10-14-2012 06:10 AM
Good day,
I was presented with a requirement from a customer as follows:
1. Site published to customer was http://www.abc.com
2. Actual site is http://abc.com
3. Requirment is for site to be accessed via https
Originally https configuration implemeted with SSL offloading. No problem, all working fine (or so was thought as abc.com site was tested) as this was the site with the cert. issued to this and the "mishap" of the in-correct publication of the www.abc.com site was only picked up later.
Now, first requirement is to redirect http to https. Implemted and tested, no worries.
Second, access to www.abc.com presents cert. error.
So, we now are requested to redirect www.abc.com to abc.com, then redirect all http to https.
So, off I go and try implement this.
The final config applied is below:
rserver redirect REDIRECT-TO-HTTPS
webhost-redirection https://%h%p 301
inservice
rserver redirect WWW-REDIRECT
webhost-redirection http://abc.com 301
inservice
serverfarm redirect REDIRECT-Serverfarm
rserver REDIRECT-TO-HTTPS
inservice
serverfarm redirect WWW-REDIRECT-Serverfarm
rserver WWW-REDIRECT
inservice
class-map type http loadbalance match-any ABC-WWW-L7CLASS
2 match http header Host header-value "www.abc.com"
class-map match-all VIP-PUBLIC
2 match virtual-address xxx.xxx.xxx.186 tcp eq https
class-map match-all VIP-PUBLIC-HTTP-REDIRECT
2 match virtual-address xxx.xxx.xxx.186 tcp eq www
policy-map type loadbalance first-match REDIRECT-POLICY
class ABC-WWW-L7CLASS
serverfarm WWW-REDIRECT-Serverfarm
class class-default
serverfarm REDIRECT-Serverfarm
policy-map type loadbalance first-match WEB_LB
class class-default
sticky-serverfarm VIP-COOKIE-STICKY
policy-map multi-match PUBLIC-VIP
class VIP-PUBLIC-HTTP-REDIRECT
loadbalance vip inservice
loadbalance policy REDIRECT-POLICY
loadbalance vip icmp-reply active
appl-parameter http advanced-options HTTP_PARAM_MAP
class VIP-PUBLIC
loadbalance vip inservice
loadbalance policy WEB_LB
loadbalance vip icmp-reply active
loadbalance vip advertise active
appl-parameter http advanced-options HTTP_PARAM_MAP
ssl-proxy server abc.com
This is working. I just wanted to post this as while appying this, I recieved the following message while applying the second part within the policy map:
" Error: An action already exists. Delete that first.". I then tryied again and it was accepted and it is working.
So I suppose my questions are;
1. Is the message valid?
2. If so, how is this working?
3. Is this an eroneous message?
4. is this a bug, and will it "stop" working? Should I not be too comfortable?
Just wanted to post this and find out if anyone may have had to do something similar, if it worked for them and if they encountered something similar?
Thanks in advance, as always.
Paul.
10-14-2012 06:54 AM
Hi Paul,
I have seen this message but the behavior is inconsistent. This error message would be appropriate if some one configures another configuration/action without removing existing configuration/action. But i have seen this coming even without that and as in your case it worked while trying again.
I searched internally and found that this issue was reported to development but was not reproduced so it was not pursued further.
In my case also things worked fine after the configuration was applied successfully after error message. I would suggest reporting this to TAC in case the issue shows up again or you face any issues with above.
Regards,
Kanwal
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide