cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1037
Views
0
Helpful
1
Replies
Highlighted
Beginner

ACE URL rewrite SSL from HTTP to HTTPS

Hello Guys,

 

I have a wildcard certificate installed on my ace context.now we need to add a rewrite rule to the ACE on VIP: 10.40.81.14 to redirect http traffic to https. Basically anytime someone tries to hit http://portal.abc.com or http://portal.abc.com/list it should automatically redirect to https://portal.abc.com/list "

 

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Example config on my ACE: HTTP-to-HTTPS Redirect w/SSL Termination

With this example config, clients that connect to the VIP on port 80 (HTTP) will be redirected to the same FQDN and path using port 443 (HTTPS).  Clients will then open an HTTPS session to the ACE where the SSL session will be terminated and load balanced to the real servers. 

You can use redirect rserver to redirect HTTP connections to HTTPS. The HTTP-to-HTTPS redirect in this example is a 301 redirect (permanent).  The 301 can be either removed or changed to 302 to revert to the default of a temporary redirect.

 

rserver redirect REDIRECT-TO-HTTPS
 webhost-redirection https://%h%p 301
 inservice

rserver host SERVER_01
  ip address 10.10.10.20
  inservice

rserver host SERVER_02
  ip address 10.10.10.21
  inservice

ssl-proxy service SSL_SERVICE
  key mykey.pem
  cert mycert.pem

serverfarm redirect REDIRECT-SERVERFARM
 rserver REDIRECT-TO-HTTPS
 inservice

serverfarm host REAL_SERVERS
  rserver SERVER_01 80
    inservice
  rserver SERVER_02 80
    inservice

class-map match-all HTTP-VIP
  2 match virtual-address 172.21.162.178 tcp eq http
class-map match-all HTTPS-VIP
  2 match virtual-address 172.21.162.178 tcp eq https

policy-map type loadbalance first-match REDIRECT-PM
  class class-default
   serverfarm REDIRECT-SERVERFARM

policy-map type loadbalance first-match LOAD-BALANCE-PM
  class class-default
   serverfarm REAL-SERVERS

policy-map multi-match WEB-TRAFFIC
  class HTTP-VIP
    loadbalance vip inservice
    loadbalance policy REDIRECT-PM
    loadbalance vip icmp-reply
  class HTTPS-VIP
    loadbalance vip inservice
    loadbalance policy LOAD-BALANCE-PM
    loadbalance vip icmp-reply active
    ssl-proxy server SSL_SERVICE

View solution in original post

1 REPLY 1
Highlighted
Cisco Employee

Example config on my ACE: HTTP-to-HTTPS Redirect w/SSL Termination

With this example config, clients that connect to the VIP on port 80 (HTTP) will be redirected to the same FQDN and path using port 443 (HTTPS).  Clients will then open an HTTPS session to the ACE where the SSL session will be terminated and load balanced to the real servers. 

You can use redirect rserver to redirect HTTP connections to HTTPS. The HTTP-to-HTTPS redirect in this example is a 301 redirect (permanent).  The 301 can be either removed or changed to 302 to revert to the default of a temporary redirect.

 

rserver redirect REDIRECT-TO-HTTPS
 webhost-redirection https://%h%p 301
 inservice

rserver host SERVER_01
  ip address 10.10.10.20
  inservice

rserver host SERVER_02
  ip address 10.10.10.21
  inservice

ssl-proxy service SSL_SERVICE
  key mykey.pem
  cert mycert.pem

serverfarm redirect REDIRECT-SERVERFARM
 rserver REDIRECT-TO-HTTPS
 inservice

serverfarm host REAL_SERVERS
  rserver SERVER_01 80
    inservice
  rserver SERVER_02 80
    inservice

class-map match-all HTTP-VIP
  2 match virtual-address 172.21.162.178 tcp eq http
class-map match-all HTTPS-VIP
  2 match virtual-address 172.21.162.178 tcp eq https

policy-map type loadbalance first-match REDIRECT-PM
  class class-default
   serverfarm REDIRECT-SERVERFARM

policy-map type loadbalance first-match LOAD-BALANCE-PM
  class class-default
   serverfarm REAL-SERVERS

policy-map multi-match WEB-TRAFFIC
  class HTTP-VIP
    loadbalance vip inservice
    loadbalance policy REDIRECT-PM
    loadbalance vip icmp-reply
  class HTTPS-VIP
    loadbalance vip inservice
    loadbalance policy LOAD-BALANCE-PM
    loadbalance vip icmp-reply active
    ssl-proxy server SSL_SERVICE

View solution in original post

Content for Community-Ad
This widget could not be displayed.