I have implemented a solution on a Cisco ACE LB, which receives requests from the internet for https://website1.com/path, and proxies these to https://website2.com/path -- using the following configuration:

rserver host <snip>

  ip address <snip>

  inservice

action-list type modify http HTTP_MODIFY

  header rewrite both host header-value "website1\.com" replace "website2.com"

serverfarm host <snip>

  probe TCP_443

  rserver <snip>

    inservice

sticky ip-netmask 255.255.255.255 address source <snip>

  timeout 60

  timeout activeconns

  replicate sticky

  serverfarm <snip>

class-map match-all <snip>

  10 match virtual-address <snip> tcp eq https

policy-map type loadbalance first-match <snip>

  class class-default

    sticky-serverfarm <snip>

    action HTTP_MODIFY

    ssl-proxy client <snip>

policy-map multi-match <snip>

  class <snip>

    loadbalance vip inservice

    loadbalance policy <snip>

    loadbalance vip icmp-reply active

    nat dynamic 5 vlan <snip>

    ssl-proxy server <snip>

This works, except that it is seemingly incapable of dealing with 301/302 redirects. These come back from the server with a location field of https://website2.com/path2 and this is sent to the client browser unchecked.

I have tried all manner of response rewrites, but cannot get any of them to do what I need them to. I have a suspicion that these are being treated as payload rather than header information by the ACE, but if anyone can clarify I'd be most grateful.

I *believe* the format should be something like:

header rewrite response host header-value "(.*)https://website2\.com(.*)" replace "%1https://website1.com%2"

(assuming the ACE is even capable of doing this) but this does not seem to work.

Any assistance gratefully received.