Hi Manuel,Are you doing ssl

mwannemacher · ‎02-02-2015

hello team,

i am dealing for a while now with the issue, that we want to replace a windows server maschine doing in IIS only a redirect of http://autodiscover.domain.tld to https://autodiscover.exchange.tld/autodiscover. since it is needed for each client, there is "some" administrative overhead we want to prevent for each new client.

so i configured the following in ACE (snipped)

action-list type modify http autodiscover-redirect
header rewrite response location header-value "https://autodiscover.exchange.tld/autodiscover" replace "http://autodiscover.*.*"

action-list type modify http 80-to-443-rewrite
ssl url rewrite location ".*"

rserver redirect 01_redirect_80-to-443
webhost-redirection https://%h%p 301
inservice

rserver redirect 03_response_redirect_autodiscover
webhost-redirection http://%h%p 301

serverfarm redirect 01_redirect_80-to-443
rserver 01_redirect_80-to-443
inservice

serverfarm redirect 03_response_redirect_autodiscover
rserver 03_response_redirect_autodiscover
inservice

class-map type http loadbalance match-all 02A_autodiscover.*.*
2 match http header Host header-value "autodiscover.*.*"
4 match http url /

policy-map type loadbalance first-match 21_Exchange-HTTPS-Policy

class 02A_autodiscover.*.*
action autodiscover-redirect
class class-default
sticky-serverfarm 21_Exchange-cookie-sticky_443
action 80-to-443-rewrite

but it always is redirecting me directly within the same session to https://autodiscover.exchange.tld/autodiscover instead telling the client to make a new request for https://autodiscover.exchange.tld/autodiscover.

thank you for suggestions.

manuel

Kanwaljeet Singh · ‎02-03-2015

Hi Manuel,

Are you doing ssl termination on ACE? Also, send me the existing "interesting" configuration and i will send you the configuration example.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

mwannemacher · ‎02-03-2015

hello kanwal,

forst of all , thank you for your reply :).

in this case no. i got it work this night (after hours of headache). my problem was the redirect of http requests to https on the same IP for direct exchange access.

so i altered the configuration as follows to another free IP and it works instantly:

rserver redirect 01_redirect_80-to-443
webhost-redirection https://%h%p 301
inservice

serverfarm redirect 01_redirect_80-to-443
rserver 01_redirect_80-to-443
inservice

action-list type modify http 80-to-443-rewrite
ssl url rewrite location ".*"

action-list type modify http 141F_autodiscover-redirect
header rewrite response location header-value "https://autodiscover.exchange.tld/autodiscover" replace "http://autodiscover[.]*[.]*"

class-map match-all 01_redirect_80-to-443-Class
2 match virtual-address A.B.C.D tcp eq www

class-map match-all 141A_redirect_80-to-443-Autodiscover_Class
2 match virtual-address A.B.C.D tcp eq www

class-map type http loadbalance match-all 141C_autodiscover.*.*
2 match http header Host header-value "autodiscover.*.*"
4 match http url /

policy-map type loadbalance first-match 01_redirect_80-to-443-Policy
class class-default
serverfarm 01_redirect_80-to-443

policy-map type loadbalance first-match 141B_redirect_80-to-443-Autodiscover_Policy
class 141C_autodiscover.*.*
serverfarm 01_redirect_80-to-443
action 141F_autodiscover-redirect

policy-map multi-match vlan_504_in
class 141A_redirect_80-to-443-Autodiscover_Class
loadbalance vip inservice
loadbalance policy 141B_redirect_80-to-443-Autodiscover_Policy
nat dynamic 110 vlan 21

but i recognized that the ACE is handling the redirect other than the ARR feature in windows 2012 since in windows for redirect we get a HTTP 200, in ACE the new URL is pushed back to the client and a SSL connection is made instantly.

in fact it works, but the HTTP => HTTPS redirect in windows seems faster than the ACE redirect. this is something i can not catch at the moment. may be we can improve the configuration?

thank you in advance.

manuel

ACE HTTP header response redirect does not work