Re: Cisco 11500 SSL redirection

gary.bennett · ‎08-25-2011

I'm attempting to redirect SSL from the base site to a different page on the same SSL site. I want to redirect https://10.4.16.54/* to https://10.4.16.54/AHC/SitePages/Home.aspx. If I enter https://10.4.16.54/AHC/SitePages/Home.aspx, site loads, but if I enter simply https://10.4.16.54, it times out. The ssl_sharepoint service is my ssl_proxy_list. Thanks for any help.

content Sharepoint_https

flow-timeout-multiplier 10

sticky-inact-timeout 35

vip address 10.4.16.54

application ssl

add service ssl_sharepoint

advanced-balance ssl

url "/*"

port 443

protocol tcp

redirect "/AHC/SitePages/Home.aspx"

active

content Sharepoint_https_redirect

vip address 10.4.16.54

application ssl

advanced-balance ssl

flow-timeout-multiplier 10

sticky-inact-timeout 35

add service ssl_sharepoint

port 443

protocol tcp

url "/AHC/SitePages/Home.aspx"

active

pablo.nxh · ‎08-25-2011

Hi Gary,

First off I'll recommend you to clean up the URL and redirect command from your 443 rules, as 443 is encrypted the CSS is not able to look at layer 5 info within the traffic, making this commands useless for these rules.

That being said; since you're using SSL termination your configuration for HTTPS-to-HTTPS redirect would look like this:

content Sharepoint_https

vip address 10.4.16.54

application ssl

advanced-balance ssl

flow-timeout-multiplier 10

add service ssl_sharepoint

port 443

protocol tcp

active

content Sharepoint_https_redirect

vip address 10.4.16.54

port 80

protocol tcp

url "/*"

redirect "https://10.4.16.54/AHC/SitePages/Home.aspx"

active

content Sharepoint_http_Aspx

vip address 10.4.16.54

port 80

advance-balance arrowpoint-cookie

add service Sharepoint-1

add service Sharepoint-2

protocol tcp

url "/AHC/SitePages/Home.aspx"

active

Here I'm assuming that you're not using backend SSL and your clear port is 80

Basically, traffic comes as https://10.4.16.54, hits the encrypted rule that send the traffic to the SSL proxy list for decryption, once decrypted traffic is sent to the clear text content rule, since there's no URI the request matches the rule with the wildcard URL "/*". This rule performs a redirect an indicates to the client to come back this time with the URI described ... process starts all over but this time the request will match the second clear text rule as the URI is more specific.

HTH

__ __

Pablo

gary.bennett · ‎08-25-2011

Thanks much for the code and clarification, Pablo. Exactly what I was trying to accomplish. Thanks, again.

gary

pablo.nxh · ‎08-25-2011

Hi Gary,

Glad to be of help

__ __

Pablo

gary.bennett · ‎08-26-2011

One more question. The redirect works great for sharepoint links that explicitly end w/the “Home.aspx”. However, if the underlying link stops w/the directory only, it fails on the content switch, redirecting to the initial home page. If you access the same URL on the server directly, it adds the “Home.aspx” correctly.

Do I need to do a remapping or a different redirect? Any suggestions w/b greatly appreciated. Thanks.

gary

pablo.nxh · ‎08-26-2011

Hi Gary,

Can you look within your config for all the rules with VIP 10.4.16.54 and copy/paste them here.

The 3 rules provided should be enough to redirect all the URL's regardless of the URI path.

__ __

Pablo