02-02-2015 09:26 AM
hello team,
i am dealing for a while now with the issue, that we want to replace a windows server machine doing in IIS only a redirect of http://autodiscover.domain.tld to https://autodiscover.exchange.tld/autodiscover. since it is needed for each client, there is "some" administrative overhead we want to prevent for each new client.
so i configured the following in ACE (snipped)
action-list type modify http autodiscover-redirect
  header rewrite response location header-value "https://autodiscover.exchange.tld/autodiscover" replace "http://autodiscover.*.*"
action-list type modify http 80-to-443-rewrite
  ssl url rewrite location ".*"
rserver redirect 01_redirect_80-to-443
  webhost-redirection https://%h%p 301
  inservice
rserver redirect 03_response_redirect_autodiscover
  webhost-redirection http://%h%p 301
serverfarm redirect 01_redirect_80-to-443
  rserver 01_redirect_80-to-443
    inservice
serverfarm redirect 03_response_redirect_autodiscover
  rserver 03_response_redirect_autodiscover
    inservice
class-map type http loadbalance match-all 02A_autodiscover.*.*
  2 match http header Host header-value "autodiscover.*.*"
  4 match http url /
policy-map type loadbalance first-match 21_Exchange-HTTPS-Policy
  class 02A_autodiscover.*.*
    action autodiscover-redirect
  class class-default
    sticky-serverfarm 21_Exchange-cookie-sticky_443
    action 80-to-443-rewrite
but it always is redirecting me directly within the same session to https://autodiscover.exchange.tld/autodiscover instead of telling the client to make a new request for https://autodiscover.exchange.tld/autodiscover.
thank you for suggestions.
manuel
02-03-2015 06:55 AM
Hi Manuel,
Are you doing ssl termination on ACE? Also, send me the existing "interesting" configuration and i will send you the configuration example.
Regards,
Kanwal
Note: Please mark answers if they are helpful.
02-03-2015 07:05 AM
hello kanwal,
first of all, thank you for your reply :).
in this case no. i got it to work this night (after hours of headache). my problem was the redirect of http requests to https on the same IP for direct exchange access.
so i altered the configuration as follows to another free IP and it works instantly:
rserver redirect 01_redirect_80-to-443
  webhost-redirection https://%h%p 301
  inservice
serverfarm redirect 01_redirect_80-to-443
  rserver 01_redirect_80-to-443
    inservice
action-list type modify http 80-to-443-rewrite
  ssl url rewrite location ".*"
action-list type modify http 141F_autodiscover-redirect
  header rewrite response location header-value "https://autodiscover.exchange.tld/autodiscover" replace "http://autodiscover[.]*[.]*"
class-map match-all 01_redirect_80-to-443-Class
  2 match virtual-address A.B.C.D tcp eq www
class-map match-all 141A_redirect_80-to-443-Autodiscover_Class
  2 match virtual-address A.B.C.D tcp eq www
class-map type http loadbalance match-all 141C_autodiscover.*.*
  2 match http header Host header-value "autodiscover.*.*"
  4 match http url /
policy-map type loadbalance first-match 01_redirect_80-to-443-Policy
  class class-default
    serverfarm 01_redirect_80-to-443
policy-map type loadbalance first-match 141B_redirect_80-to-443-Autodiscover_Policy
  class 141C_autodiscover.*.*
    serverfarm 01_redirect_80-to-443
    action 141F_autodiscover-redirect
policy-map multi-match vlan_504_in
  class 141A_redirect_80-to-443-Autodiscover_Class
    loadbalance vip inservice
    loadbalance policy 141B_redirect_80-to-443-Autodiscover_Policy
    nat dynamic 110 vlan 21
but i recognized that the ACE is handling the redirect other than the ARR feature in windows 2012 since in windows for redirect we get a HTTP 200, in ACE the new URL is pushed back to the client and a SSL connection is made instantly.
in fact it works, but the HTTP => HTTPS redirect in windows seems faster than the ACE redirect. this is something i can not catch at the moment. maybe we can improve the configuration?
thank you in advance.
manuel
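Added example, not part of the thread and not the posters' code: a small Python check that tells a real client-side redirect (301 plus a Location header) apart from a response served in the same session, and confirms the Location is HTTPS on an expected host, which matters because `webhost-redirection https://%h%p` builds the target from the request's Host header and path. The sample responses and the allowed-host set are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample responses (not captured from the poster's ACE or IIS).
ACE_301 = (
    b"HTTP/1.1 301 Moved Permanently\r\n"
    b"Location: https://autodiscover.exchange.tld/autodiscover\r\n"
    b"Content-Length: 0\r\n\r\n"
)
SAME_SESSION_200 = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/xml\r\n"
    b"Content-Length: 0\r\n\r\n"
)
REFLECTED_HOST_301 = (
    b"HTTP/1.1 301 Moved Permanently\r\n"
    b"Location: https://autodiscover.unexpected.example/\r\n\r\n"
)

# Assumption: the only legitimate redirect target for this deployment.
ALLOWED_HOSTS = {"autodiscover.exchange.tld"}
REDIRECT_CODES = (301, 302, 303, 307, 308)


def parse_response(raw):
    """Return (status_code, headers) from the head of a raw HTTP response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def classify(raw, allowed_hosts=ALLOWED_HOSTS):
    """Classify what the client was actually told to do."""
    status, headers = parse_response(raw)
    location = headers.get("location")
    if status not in REDIRECT_CODES or not location:
        return "no-redirect"  # content answered in the same session
    target = urlsplit(location)
    if target.scheme != "https":
        return "redirect-not-https"
    if target.hostname not in allowed_hosts:
        return "redirect-unexpected-host"  # e.g. a reflected Host header
    return "redirect-ok"
```
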