ACE HTTPS redirect query

sandjose
Cisco Employee

We use an ACE in our network and use HTTP to HTTPS redirection.

Everything works fine and the user is redirected from HTTP to HTTPS when he clicks on a link on the webpage.

Once the user has clicked on the link, the browser opens up an HTTPS page.

Now if the user goes to the address bar and changes https to http, he gets the page in HTTP instead of HTTPS.

Please help in this regard.


ThibaultMean
Level 1

Can you provide us with your configuration?

  sh run
Generating configuration....


crypto chaingroup IBECHAINGRP
  cert fly1.xxxxxxxx.com.cer
  cert GTE_Cyber.pem
  cert Comtrust_Root.pem
  cert Comtrust_Server.pem

crypto csr-params CSR_IBEPARAMS_1
  country xx
  state xxxxx
  locality xxx
  organization-name xxxxxxxxAirlines
  organization-unit xxxxxxxxAirlines
  common-name fly1.xxxxxxxx.com
  serial-number 1010

access-list ANY line 8 extended permit ip any any
access-list ANY line 16 extended permit icmp any any
access-list ICMP-ONLY line 8 extended permit icmp any any
access-list xx-fly1 line 8 extended permit ip host 94.203.119.222 any


probe http HTTP_Probe
  interval 30
  faildetect 2
  passdetect count 1
  expect status 200 399
  expect status 401 401


parameter-map type connection MSS_1200
  set tcp mss min 536 max 1172

rserver host xxxegww57
  ip address 10.22.52.20
  probe HTTP_Probe
  inservice
rserver host xxxegww58
  ip address 10.22.52.21
  probe HTTP_Probe
  inservice
rserver host xxxegww59
  ip address 10.22.52.22
  probe HTTP_Probe
  inservice
rserver host xxxegww60
  ip address 10.22.52.23
  probe HTTP_Probe
  inservice

ssl-proxy service SSL-PSERVICE-SERVER
  key ibersakey.pem
  cert fly1.xxxxxxxx.com.cer
  chaingroup IBECHAINGRP

serverfarm host IBE-HTTP
  rserver xxxegww57 80
    inservice
  rserver xxxegww58 80
    inservice
  rserver xxxegww59 80
    inservice
  rserver xxxegww60 80
    inservice

sticky ip-netmask 255.255.255.0 address both IBE-STICKY-GRP1
  timeout 720
  replicate sticky
  serverfarm IBE-HTTP

class-map match-any ICMP-TRAFFIC
  2 match access-list ICMP-ONLY
class-map match-all VIP-IBE-HTTP
  2 match virtual-address 10.22.52.10 tcp eq www
class-map match-all VIP-IBE-HTTPS
  2 match virtual-address 10.22.52.10 tcp eq https
class-map type management match-any mgmt
  10 match protocol icmp any
  20 match protocol telnet any

policy-map type management first-match mgmt
  class mgmt
    permit

policy-map type loadbalance first-match IBE-HTTP
  class class-default
    sticky-serverfarm IBE-STICKY-GRP1
policy-map type loadbalance first-match IBE-HTTPS
  class class-default
    sticky-serverfarm IBE-STICKY-GRP1

policy-map multi-match ICMP-INSPECT
  class ICMP-TRAFFIC
    inspect icmp error
policy-map multi-match VIP-HTTP
  class VIP-IBE-HTTP
    loadbalance vip inservice
    loadbalance policy IBE-HTTP
    loadbalance vip icmp-reply
policy-map multi-match VIP-HTTPS
  class VIP-IBE-HTTPS
    loadbalance vip inservice
    loadbalance policy IBE-HTTPS
    loadbalance vip icmp-reply
    ssl-proxy server SSL-PSERVICE-SERVER
    connection advanced-options MSS_1200

interface vlan 950
  description *** Server Side VLAN ***
  bridge-group 1
  mtu 9216
  access-group input ANY
  access-group output ANY
  service-policy input mgmt
  no shutdown
interface vlan 951
  description *** Client Side VLAN ***
  bridge-group 1
  ip df clear
  mtu 9216
  mac-sticky enable
  access-group input ANY
  access-group output ANY
  service-policy input mgmt
  service-policy input VIP-HTTP
  service-policy input VIP-HTTPS
  service-policy input ICMP-INSPECT
  no shutdown

interface bvi 1
  ip address 10.22.52.4 255.255.255.128
  peer ip address 10.22.52.5 255.255.255.128
  no shutdown

ip route 0.0.0.0 0.0.0.0 10.22.52.1

One of the reasons that the user gets a page when he changes https to http in the address bar of the browser is because we use SSL offload: the SSL is between the client and the ACE, and from the ACE to the server it is clear text.

Once the user changes from https to http, it hits the ACE on 80 and is redirected to the real server as any other HTTP packet.

Let me give an example for better understanding.

I have a site by the name www.sandjose.com

www.sandjose.com requests go through HTTP and it has many directories listed under it serving different pages:

www.sandjose/dir1/content1.aspx

www.sandjose/dir2/content2.aspx

....

www.sandjose/dirn/contentn.aspx.

Out of the above directories I want certain URLs, e.g. "www.sandjose/dir2/content2.aspx", to always use HTTPS, even if the user comes via HTTP. I need to redirect him to HTTPS if the request comes from HTTP.

Hope my example makes it clear.

Hello,

Your rserver is configured for port 80 and you have a class-map configured with port 80 too.

This config will not perform HTTP to HTTPS redirection.

You might want to use an action-list to rewrite the URL.

action-list type modify http urlrewrite
ssl url rewrite location www\.sandjose\.com 
or even
ssl url rewrite location .*
(which should match anything)

Then add your action list to

policy-map type loadbalance first-match IBE-HTTP
  class class-default
    sticky-serverfarm IBE-STICKY-GRP1
    action urlrewrite

Anyway, have a look at this guide:

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c3045.shtml

Hope this helps.

Regards,

Thibault.

Thanks Thibault.

Can you help me in matching the string "www.sandjose.com/dir2/content2.aspx"

I have tried the SSL URL rewrite and it didn't work. I think I was trying to match the entire path and made some mistakes in matching it.

Can you please help in this regard.

I think the regex I tried was www\.sandjose\.com\/dir2\/content2\.aspx

Hello,

The string ".*" (without the quotes) should match anything.

If you need to redirect everything then use it rather than a specific regex for each URL.

Something found in the ACE documentation:

Note: When matching data strings, note that the period (.) and question mark (?) characters do not have a literal meaning in regular expressions. Use brackets ([]) to match these symbols (for example, enter www[.]xyz[.]com instead of www.xyz.com). You can also use a backslash (\) to escape a dot (.) or a question mark (?).

Rgds.
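The two points raised in this thread, redirecting only selected paths (the /dir2/content2.aspx request above) and the regex dot-escaping caveat quoted from the ACE documentation, modelled in Python as an added example. This is not code from the thread or from the ACE; the pattern list, host name and function names are assumptions, and Python's re module stands in for the ACE regex engine to show why an unescaped dot is too loose.

```python
import re

# Constructed list of paths that must only be served over HTTPS
# (assumption: the thread's /dir2/content2.aspx plus a whole /dir3/ tree).
HTTPS_ONLY_PATTERNS = [
    r"www\.sandjose\.com/dir2/content2\.aspx",  # backslash-escaped dots
    r"www[.]sandjose[.]com/dir3/.*",            # bracket-escaped dots
]


def decide(scheme, host, path, patterns=HTTPS_ONLY_PATTERNS):
    """Model the behaviour the original poster asked for.

    Returns ("forward", None) when the request may go to the clear-text
    serverfarm behind the SSL-offloading VIP, or ("redirect", url) when a
    plain-HTTP request hits a path that must be served over HTTPS.
    fullmatch() is used so the pattern has to cover the whole host+path.
    """
    if scheme == "https":
        return ("forward", None)
    target = host + path
    for pat in patterns:
        if re.fullmatch(pat, target):
            return ("redirect", "https://" + host + path)
    return ("forward", None)


def regex_is_loose(pattern, lookalike):
    """True when the pattern also matches a string it was not meant to.

    With an unescaped dot, 'www.sandjose.com' matches any character in
    those positions, so a lookalike such as 'wwwXsandjoseXcom' passes.
    """
    return re.fullmatch(pattern, lookalike) is not None
```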
