ACE module redirect/rewrite issue

mcroberts
Level 1

I am having a redirect/rewrite problem with my ACE module. When the user types in https://citix.com and accepts the cert, I need the ACE to add the following path to the URL: .../citrix/accessplatform/auth/login.aspx. That part works, but the page is returned as "http" and with the real server IP address in an unencrypted session versus https and the VIP. I thought the action-list would fix this problem, but it had no effect. Any suggestions would be appreciated.

access-list IB extended permit ip any any

probe tcp connect
  interval 5
  faildetect 5
  passdetect count 10

probe http web-connect
  interval 5
  passdetect count 6
  request method get url /citrix/accessplatform/auth/login.aspx
  expect status 200 302
  connection term forced

parameter-map type http HTTP_Secure_Params
  case-insensitive
  persistence-rebalance
  set header-maxparse-length 8192

action-list type modify http ACTION
  ssl url rewrite location "172.16.252.50"
  ssl url rewrite location "citrix"

rserver host citrix-01
  ip address 172.16.252.10
  inservice
rserver host citrix-02
  ip address 172.16.252.11
  inservice
rserver redirect citrix-redirect
  webhost-redirection http://172.16.252.10/citrix/accessplatform/auth/login.aspx 301
  inservice
rserver redirect citrix-redirect-02
  webhost-redirection http://172.16.252.11/citrix/accessplatform/auth/login.aspx 301
  inservice

ssl-proxy service SSL
  key citrixkey
  cert certnew.pem

serverfarm redirect Redirect-farm
  rserver redirect citrix-redirect
    inservice
  rserver redirect citrix-redirect-02
    inservice

serverfarm host citrix-farm
  rserver citrix-01 81
    inservice
  rserver citrix-02 81
    inservice

sticky http-cookie citrix.nnn citrix-sticky
  timeout 720
  replicate sticky
  serverfarm Redirect-farm

class-map type http loadbalance match-any redirect
  match http url citrix
class-map match-all HTTPS-VIP
  match virtual-address 172.16.252.50 tcp eq https

policy-map type loadbalance first-match SLB
  class class-default
    sticky-serverfarm citrix-sticky
    action ACTION

policy-map multi-match client-vip1
  class HTTPS-VIP
    loadbalance vip inservice
    loadbalance policy SLB
    loadbalance vip icmp-reply
    appl-parameter http advanced-options HTTP_Secure_params
    ssl-proxy server SSL

interface vlan 252
  access-group input IB
  service-policy input client-vip1
  no shutdown

16 Replies

:) ...here is a problem. The ACE sends the client a redirect to http, and you need access from the client to https (SSL terminated on the ACE? If true, the configuration is wrong, because, as I wrote before, your configuration has 3 steps: access to the VIP, redirect sent to the client, client access to the new location).

Is it clear?
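
The three steps described in the reply above can be checked from the client side. The following Python function is an added example, not code from this thread or from Cisco: it inspects the Location header a client receives at the VIP and flags the two symptoms reported in the original post. The function name and finding labels are assumptions, and the sample responses are constructed from the addresses in the posted configuration.

```python
import ipaddress
from urllib.parse import urlsplit, urljoin

REDIRECT_CODES = (301, 302, 303, 307, 308)


def audit_redirect(request_url, status, location):
    """Return findings for one response received at the VIP (hypothetical helper)."""
    findings = []
    if status not in REDIRECT_CODES or not location:
        return findings
    req = urlsplit(request_url)
    # A relative Location is resolved against the request, as a browser would do.
    target = urlsplit(urljoin(request_url, location))
    if req.scheme == "https" and target.scheme == "http":
        findings.append("scheme-downgrade")        # client leaves the TLS session
    if target.hostname and target.hostname != req.hostname:
        findings.append("host-changed")            # client is sent away from the VIP name
        try:
            if ipaddress.ip_address(target.hostname).is_private:
                findings.append("private-address-exposed")  # real server IP disclosed
        except ValueError:
            pass  # target is a DNS name, not an IP literal
    return findings


# Constructed sample responses (not captured traffic).
SAMPLES = [
    # What the posted redirect rserver returns to the client.
    ("https://citix.com/", 301,
     "http://172.16.252.10/citrix/accessplatform/auth/login.aspx"),
    # A redirect that keeps the client on https and on the VIP name.
    ("https://citix.com/", 301,
     "https://citix.com/citrix/accessplatform/auth/login.aspx"),
    # A relative redirect inherits scheme and host from the request.
    ("https://citix.com/", 302, "/citrix/accessplatform/auth/login.aspx"),
]

if __name__ == "__main__":
    for url, status, location in SAMPLES:
        print(status, location, "->", audit_redirect(url, status, location) or "ok")
```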

I am reworking the configuration later today and will post the new final. Thank you for the input.
