ACE URL rewrite SSL from HTTP to HTTPS

dnsroot13
Level 1

Hello Guys,

 

I have a wildcard certificate installed on my ACE context. Now we need to add a rewrite rule to the ACE on VIP: 10.40.81.14 to redirect HTTP traffic to HTTPS. Basically, anytime someone tries to hit http://portal.abc.com or http://portal.abc.com/list, it should automatically redirect to https://portal.abc.com/list.

Accepted Solutions

Santhosh S
Cisco Employee

Example config on my ACE: HTTP-to-HTTPS Redirect w/SSL Termination

With this example config, clients that connect to the VIP on port 80 (HTTP) will be redirected to the same FQDN and path using port 443 (HTTPS). Clients will then open an HTTPS session to the ACE where the SSL session will be terminated and load balanced to the real servers.

You can use a redirect rserver to redirect HTTP connections to HTTPS. The HTTP-to-HTTPS redirect in this example is a 301 redirect (permanent). The 301 can be either removed or changed to 302 to revert to the default of a temporary redirect.

rserver redirect REDIRECT-TO-HTTPS
 webhost-redirection https://%h%p 301
 inservice

rserver host SERVER_01
  ip address 10.10.10.20
  inservice

rserver host SERVER_02
  ip address 10.10.10.21
  inservice

ssl-proxy service SSL_SERVICE
  key mykey.pem
  cert mycert.pem

serverfarm redirect REDIRECT-SERVERFARM
 rserver REDIRECT-TO-HTTPS
 inservice

serverfarm host REAL_SERVERS
  rserver SERVER_01 80
    inservice
  rserver SERVER_02 80
    inservice

class-map match-all HTTP-VIP
  2 match virtual-address 172.21.162.178 tcp eq http
class-map match-all HTTPS-VIP
  2 match virtual-address 172.21.162.178 tcp eq https

policy-map type loadbalance first-match REDIRECT-PM
  class class-default
   serverfarm REDIRECT-SERVERFARM

policy-map type loadbalance first-match LOAD-BALANCE-PM
  class class-default
   serverfarm REAL_SERVERS

policy-map multi-match WEB-TRAFFIC
  class HTTP-VIP
    loadbalance vip inservice
    loadbalance policy REDIRECT-PM
    loadbalance vip icmp-reply
  class HTTPS-VIP
    loadbalance vip inservice
    loadbalance policy LOAD-BALANCE-PM
    loadbalance vip icmp-reply active
    ssl-proxy server SSL_SERVICE
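
A config of this shape ties rservers, serverfarms, class-maps, policy-maps and the ssl-proxy service together purely by name, so a hyphen typed where the definition has an underscore leaves a policy pointing at nothing. The following is an added example, not part of the original post and not Cisco tooling: a small Python check that flags references to undefined objects. It assumes only the commands used in the config above; `find_undefined`, `REFS` and `SAMPLE` are names made up for this example.

```python
# SAMPLE is constructed: an abridged config in the shape of the one above,
# with one object referenced under a name that differs from its definition.
SAMPLE = """\
rserver redirect REDIRECT-TO-HTTPS
 webhost-redirection https://%h%p 301
rserver host SERVER_01
ssl-proxy service SSL_SERVICE
serverfarm redirect REDIRECT-SERVERFARM
 rserver REDIRECT-TO-HTTPS
serverfarm host REAL_SERVERS
  rserver SERVER_01 80
class-map match-all HTTPS-VIP
policy-map type loadbalance first-match LOAD-BALANCE-PM
  class class-default
   serverfarm REAL-SERVERS
policy-map multi-match WEB-TRAFFIC
  class HTTPS-VIP
    loadbalance policy LOAD-BALANCE-PM
    ssl-proxy server SSL_SERVICE
"""

# Indented sub-commands that reference another object -> kind of object referenced.
REFS = {("rserver",): "rserver", ("serverfarm",): "serverfarm",
        ("class",): "class-map", ("loadbalance", "policy"): "policy-map",
        ("ssl-proxy", "server"): "ssl-proxy"}

def _key(name):
    return name.replace("-", "_").lower()  # usual near-miss differences

def find_undefined(config):
    """Return (line_no, kind, name, suggestion) per reference to an undefined object."""
    defined, refs = {("class-map", "class-default")}, []  # class-default is built in
    for n, raw in enumerate(config.splitlines(), 1):
        tok = tuple(raw.split())
        if len(tok) < 2:
            continue
        if not raw[0].isspace():              # top-level line defines an object
            if tok[0] in REFS.values():
                defined.add((tok[0], tok[-1]))  # its name is the last token
            continue
        for prefix, kind in REFS.items():
            if tok[:len(prefix)] == prefix and len(tok) > len(prefix):
                refs.append((n, kind, tok[len(prefix)]))
    names = {(k, _key(d)): d for k, d in defined}
    return [(n, k, name, names.get((k, _key(name))))
            for n, k, name in refs if (k, name) not in defined]

if __name__ == "__main__":
    for finding in find_undefined(SAMPLE):
        print(finding)
```

Each finding carries the line number, the object kind, the unresolved name and, where one exists, the defined name that differs only by hyphen, underscore or case.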
