02-16-2015 10:06 PM
Hello Guys,
I have a wildcard certificate installed on my ace context.now we need to add a rewrite rule to the ACE on VIP: 10.40.81.14 to redirect http traffic to https. Basically anytime someone tries to hit http://portal.abc.com or http://portal.abc.com/list it should automatically redirect to https://portal.abc.com/list "
Solved! Go to Solution.
02-17-2015 05:43 AM
Example config on my ACE: HTTP-to-HTTPS Redirect w/SSL Termination
With this example config, clients that connect to the VIP on port 80 (HTTP) will be redirected to the same FQDN and path using port 443 (HTTPS). Clients will then open an HTTPS session to the ACE where the SSL session will be terminated and load balanced to the real servers.
You can use redirect rserver to redirect HTTP connections to HTTPS. The HTTP-to-HTTPS redirect in this example is a 301 redirect (permanent). The 301 can be either removed or changed to 302 to revert to the default of a temporary redirect.
rserver redirect REDIRECT-TO-HTTPS webhost-redirection https://%h%p 301 inservice rserver host SERVER_01 ip address 10.10.10.20 inservice rserver host SERVER_02 ip address 10.10.10.21 inservice ssl-proxy service SSL_SERVICE key mykey.pem cert mycert.pem serverfarm redirect REDIRECT-SERVERFARM rserver REDIRECT-TO-HTTPS inservice serverfarm host REAL_SERVERS rserver SERVER_01 80 inservice rserver SERVER_02 80 inservice class-map match-all HTTP-VIP 2 match virtual-address 172.21.162.178 tcp eq http class-map match-all HTTPS-VIP 2 match virtual-address 172.21.162.178 tcp eq https policy-map type loadbalance first-match REDIRECT-PM class class-default serverfarm REDIRECT-SERVERFARM policy-map type loadbalance first-match LOAD-BALANCE-PM class class-default serverfarm REAL-SERVERS policy-map multi-match WEB-TRAFFIC class HTTP-VIP loadbalance vip inservice loadbalance policy REDIRECT-PM loadbalance vip icmp-reply class HTTPS-VIP loadbalance vip inservice loadbalance policy LOAD-BALANCE-PM loadbalance vip icmp-reply active ssl-proxy server SSL_SERVICE
02-17-2015 05:43 AM
Example config on my ACE: HTTP-to-HTTPS Redirect w/SSL Termination
With this example config, clients that connect to the VIP on port 80 (HTTP) will be redirected to the same FQDN and path using port 443 (HTTPS). Clients will then open an HTTPS session to the ACE where the SSL session will be terminated and load balanced to the real servers.
You can use redirect rserver to redirect HTTP connections to HTTPS. The HTTP-to-HTTPS redirect in this example is a 301 redirect (permanent). The 301 can be either removed or changed to 302 to revert to the default of a temporary redirect.
rserver redirect REDIRECT-TO-HTTPS webhost-redirection https://%h%p 301 inservice rserver host SERVER_01 ip address 10.10.10.20 inservice rserver host SERVER_02 ip address 10.10.10.21 inservice ssl-proxy service SSL_SERVICE key mykey.pem cert mycert.pem serverfarm redirect REDIRECT-SERVERFARM rserver REDIRECT-TO-HTTPS inservice serverfarm host REAL_SERVERS rserver SERVER_01 80 inservice rserver SERVER_02 80 inservice class-map match-all HTTP-VIP 2 match virtual-address 172.21.162.178 tcp eq http class-map match-all HTTPS-VIP 2 match virtual-address 172.21.162.178 tcp eq https policy-map type loadbalance first-match REDIRECT-PM class class-default serverfarm REDIRECT-SERVERFARM policy-map type loadbalance first-match LOAD-BALANCE-PM class class-default serverfarm REAL-SERVERS policy-map multi-match WEB-TRAFFIC class HTTP-VIP loadbalance vip inservice loadbalance policy REDIRECT-PM loadbalance vip icmp-reply class HTTPS-VIP loadbalance vip inservice loadbalance policy LOAD-BALANCE-PM loadbalance vip icmp-reply active ssl-proxy server SSL_SERVICE
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide