ACE redirection issue

nishchay nadkarni · ‎06-16-2013

Hi,

we have our main website https://abc.com and it provides links to users for various applications.

If i go to https://abc.com and click the link xyz on it, i get back to main page again and current connections drops to 0. here my browser should be redirected to https://abc.com/xyz which is not happening. Traffic is getting tunnnled to https://abc.com as seen in logs in http catcher.

But if i type in https://abc.com/xyz in browser, i go to correct page.

below is my configuration. please let me know if any other configuration is needed, Below config is with 2 links but actual production has many links.

I have similar issue for another application where links on main page can not be accessed. that application works on http instead of https.

rserver redirect xyz

inservice

webhost-redirection "https://abc.com/xyz"

rserver redirect uvw

inservice
webhost-redirection "https://abc.com/uvw"

rserver host abc

ip address 1.1.1.1

inservice

serverfarm redirect xyz

rserver xyz

inservice

parameter-map type http case_param

case-insensitive

no persistence-rebalance (i also tried enabling it)

set header-maxparse-length 65535

set content-maxparse-length 65535

length-exceed continue

parameter-map type ssl abc

cipher RSA_WITH_3DES_EDE_CBC_SHA

ssl-proxy service abc

key abc

cert abc

ssl advanced-options abc

serverfarm redirect uvw

rserver uvw

inservice

serverfarm host abc

rserver abc

inservice

class-map type http loadbalance match-any map1

match http url /xyz.*

class-map type http loadbalance match-any map1

match http url /uvw.*

policy-map type loadbalance first-match ssl-abc

class map1

serverfarm xyz

class map2

serverfarm uvw

class class-default

serverfarm abc

class ssl-intranet

loadbalance vip inservice

loadbalance policy ssl-abc

loadbalance vip icmp-reply active

nat dynamic 1 vlan 368

appl-parameter http advanced-options case_param

ssl-proxy server abc

the IP address mentioned for abc.com (1.1.1.1) is on cisco CSS (VIP for www.abc.com for internal users) which is serving my internal clients. The CSS then points to actual server hosting abc.com. The ACE is serving clients coming from Internet and CSS is serving my internal clients which connect with http. Is this problem because of communication issue between ACE and CSS?

Can anybody suggest?

Jorge Bejarano · ‎06-17-2013

Hi,

Could you try?

rserver redirect xyz

webhost-redirection "https://abc.com/xyz" 301

inservice

rserver redirect uvw

webhost-redirection "https://abc.com/uvw" 301

inservice

It might be possible the redirect is working but maybe the other portion is not.

Could you upload the VIP?

Jorge

Could you add the configuration once the traffic is redirected?

nishchay nadkarni · ‎06-21-2013

class-map match-all intranet

2 match virtual-address 198.184.231.7 tcp eq www

class-map match-all ssl-intranet

2 match virtual-address 198.184.231.7 tcp eq https

I have 2 different policy maps .........intranet map redirects to ssl-intranet map which then makes redirection to individual applications.

policy-map multi-match external-lb

class extranet

loadbalance vip inservice

loadbalance policy extranet

loadbalance vip icmp-reply active

nat dynamic 1 vlan 368

appl-parameter http advanced-options case_param

class ssl-extranet

loadbalance vip inservice

loadbalance policy ssl-extranet

loadbalance vip icmp-reply active

nat dynamic 1 vlan 368

appl-parameter http advanced-options case_param

Yogesh Gawankar · ‎06-20-2013

If CSS VIP (1.1.1.1) is listening on http, I do not see port 80 in the serverfarm config on ACE.

nishchay nadkarni · ‎06-21-2013

Hi Yogesh,

Requests come on 443...CSS offload it to 80 and sends to serverfarm