06-16-2013 11:57 AM
Hi,
we have our main website https://abc.com and it provides links to users for various applications.If i go to https://abc.com and click the link xyz on it, i get back to main page again and current connections drops to 0. here my browser should be redirected to https://abc.com/xyz which is not happening. Traffic is getting tunnnled to https://abc.com as seen in logs in http catcher.
But if i type in https://abc.com/xyz in browser, i go to correct page.
below is my configuration. please let me know if any other configuration is needed, Below config is with 2 links but actual production has many links.
I have similar issue for another application where links on main page can not be accessed. that application works on http instead of https.
rserver redirect xyz
inservice
webhost-redirection "https://abc.com/xyz"
rserver redirect uvw
inservice
webhost-redirection "https://abc.com/uvw"
rserver host abc
ip address 1.1.1.1
inservice
serverfarm redirect xyz
rserver xyz
inservice
parameter-map type http case_param
case-insensitive
no persistence-rebalance (i also tried enabling it)
set header-maxparse-length 65535
set content-maxparse-length 65535
length-exceed continue
parameter-map type ssl abc
cipher RSA_WITH_3DES_EDE_CBC_SHA
ssl-proxy service abc
key abc
cert abc
ssl advanced-options abc
serverfarm redirect uvw
rserver uvw
inservice
serverfarm host abc
rserver abc
inservice
class-map type http loadbalance match-any map1
match http url /xyz.*
class-map type http loadbalance match-any map1
match http url /uvw.*
policy-map type loadbalance first-match ssl-abc
class map1
serverfarm xyz
class map2
serverfarm uvw
class class-default
serverfarm abc
class ssl-intranet
loadbalance vip inservice
loadbalance policy ssl-abc
loadbalance vip icmp-reply active
nat dynamic 1 vlan 368
appl-parameter http advanced-options case_param
ssl-proxy server abc
the IP address mentioned for abc.com (1.1.1.1) is on cisco CSS (VIP for www.abc.com for internal users) which is serving my internal clients. The CSS then points to actual server hosting abc.com. The ACE is serving clients coming from Internet and CSS is serving my internal clients which connect with http. Is this problem because of communication issue between ACE and CSS?
Can anybody suggest?
06-17-2013 04:53 PM
Hi,
Could you try?
rserver redirect xyz
webhost-redirection "https://abc.com/xyz" 301
inservice
rserver redirect uvw
webhost-redirection "https://abc.com/uvw" 301
inservice
It might be possible the redirect is working but maybe the other portion is not.
Could you upload the VIP?
Jorge
Could you add the configuration once the traffic is redirected?
06-21-2013 01:14 AM
class-map match-all intranet
2 match virtual-address 198.184.231.7 tcp eq www
class-map match-all ssl-intranet
2 match virtual-address 198.184.231.7 tcp eq https
I have 2 different policy maps .........intranet map redirects to ssl-intranet map which then makes redirection to individual applications.
policy-map multi-match external-lb
class extranet
loadbalance vip inservice
loadbalance policy extranet
loadbalance vip icmp-reply active
nat dynamic 1 vlan 368
appl-parameter http advanced-options case_param
class ssl-extranet
loadbalance vip inservice
loadbalance policy ssl-extranet
loadbalance vip icmp-reply active
nat dynamic 1 vlan 368
appl-parameter http advanced-options case_param
06-20-2013 08:42 PM
If CSS VIP (1.1.1.1) is listening on http, I do not see port 80 in the serverfarm config on ACE.
06-21-2013 01:15 AM
Hi Yogesh,
Requests come on 443...CSS offload it to 80 and sends to serverfarm
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide