Re: CSS 11503 - Redirect from https to http

yahshianhui · ‎08-30-2007

Dear Pro:

I am try to 'redirect' incoming https request to a specific website, for example:

"Incoming->https://www.yahoo.com -->> http://www.yahoo.com", it does not work.

However, it does work for http redirect: "Incoming->http://www.yahoo.com -->> https://www.yahoo.com".

Any good comments? below is my config:

NOT working config:

content testlb_443

balance weightedrr

vip address 192.168.1.1

url "/*"

protocol tcp

port 443

redirect "http://www.yahoo.com"

active

Working config:

content testlb_80

balance weightedrr

url "/*"

vip address 192.168.1.2

protocol tcp

port 80

redirect "http://www.yahoo.com"

active

Thanks

SH

Jose Garcia · ‎08-30-2007

Hi,

It will be expected that the first configuration you mention will not work, let me explain you why:

The Rule testlb_443 is listening in the incoming port 443, which is a port that will carry secure encrypted traffic (SSL), this means that the L5-L7 (which includes the URL) will be encrypted, therefore the CSS cannot match any L5-L7 statement in that kind of request coming to port 443.

So you cannot use URL redirections on Rules that listen on port 443, unless you use a SSL-Module to decrypt the traffic first.

The request for the second Rule testlb_80, will work just fine since it is listening in a clear text port.

I hope this makes sense.

Thanks.

Josega.

yahshianhui · ‎08-30-2007

Thanks, Josega

Do you know any workaround for this?

Regards

SH

zahkhan · ‎08-30-2007

The redirect can only be issued once https is decrypted.

Either offload SSL on SSL module and issue redirect, or offload SSL on server and then issue redirect.

yahshianhui · ‎08-30-2007

Thanks, Zahkhan

It looks like I am out of luck.

Cheers

SH