Re: CSS11500 - Redirect HTTP to HTTPS

ryankogel1 · ‎02-04-2011

I have setup simple load balancing for our SharePoint service using a two content rules. The port 80 is intended to just redirect to port 443. The rule goes to services pointing to an ASP that should redirect the http to https. The port 443 rule goes to the standard SharePoint 2010. Unfortunately, SharePoint seems to interecept anything on that server's IIS and so the port 80 rule just returns a 403 instead of the ASP results.

content moss04_http_80
    vip address 122.22.22.22
    protocol tcp
    port 80
    add service redirector_server1_8080
    add service redirector_server2_8080
    active

content moss04_https_443
    vip address 122.22.22.22
    protocol tcp
    port 443
    add service sharepoint_server1_443
    add service sharepoint_server2_443
    active

Does anyone know of a trick to directly redirect the HTTP to HTTPS on the CSS? For example, can I get the CSS to serve a javascript doc that does the redirect?

sthall · ‎02-04-2011

Ryan,

You are nearly there. Just configure the services you reference as type of "redirect" and give the parameters you need. For example:

service redirector_server1_8080
type redirect

no prepend-http

domain "https://domain.name.com"

keepalive type none

active

That will redirect the request to the domain name specified. I presume you will want the same domain name as the HTTP request came in on but that is not a requirement. The "no prepend-http" prevents the CSS from prepending "http://" to the domain name, which it does by default. It will also retain the path and filename from the original request.

if you want to redirect the HTTP users to a specific page on the server, and not the same page that was requested, then you should use the "redirect-string" command like the following example:

service redirector_server1_8080
type redirect

no prepend-http

redirect-string https://domain.name.com/login-page.html

keepalive type none

active

note the redirect-string command does not use quotes around the redirect value

hope that helps!

Steve Hall

ryankogel1 · ‎02-07-2011

Hi Steve,

Thanks for your detailed answer :-)

The issue I have is that the location of the redirect cannot be hardcoded. There are dozens of name-based virtual hosts on each IP address.

Is there a way to do this without specifying the target host?

Cheers,

Ryan

sthall · ‎02-07-2011

Ryan,

The most common method to do this is to match the request based on the HTTP Host header. The host header is where we will find the domain name in the request. To do this you will need a different L5 content rule for each expected domain name, and maybe a "catch all" rule for names you don't expect.

content moss04_http_80
    vip address 122.22.22.22
    protocol tcp
    port 80
    add service generic-redirector_server1_8080
    add service generic-redirector_server2_8080
    active

content site1-moss04_http_80
    vip address 122.22.22.22
    protocol tcp
    port 80
    url "//www.site1.com/*"
    add service site1-redirector_server1_8081
    add service site1-redirector_server2_8081
    active

content site2-moss04_http_80
    vip address 122.22.22.22
    protocol tcp
    port 80
    url "//www.site2.com/*"
    add service site2-redirector_server1_8082
    add service site2-redirector_server2_8082
    active

of course, you will need redirector servers for each domain name. You can use the same redirectors and add additional listening ports on them as well.

hope that helps!

-Steve Hall