HTTP Redirect based upon SRC IP Address

karl.fukushima
Level 1

Is there a way to perform an http redirect based upon user's source IP address on the CSM/GSS environment?

Logic:

IF < src ip address is within exception list > THEN
    http redirect to URL2
ELSE
    http to URL1
END

Gilles Dufour
Cisco Employee

This is possible.

Create serverfarms, one for each redirect.

Create 2 ACLs, one for each group of IP addresses.

Create 2 vservers like below:

vserver redirect1
  vip x.x.x.x tcp 80
  serverfarm redirect1
  client
  inservice

vserver redirect2
  vip x.x.x.x tcp 80
  serverfarm redirect2
  client
  inservice

The 2 vservers use the same vip address and tcp port, but they are distinguished by the client command.

Regards,

Gilles.

Is there a version of this solution (redirect by client source IP) for the CSS?

I'm attempting to redirect clients from a few specific networks (source IPs) to the VIP of a second CSS using a service-type redirect and "prefer" ACL commands:

clause 10 permit any 1.1.1.0 255.255.252.0 destination content owner/content-rule prefer service-type-redirect

There is an "any any destination any" last clause in the ACL for the remaining source IPs. The ACL is applied to the incoming circuits leading to the webservers.

A show of the ACLs shows all responses - no matter the client source IP - being caught by the permit any clause at the end of the ACL.

Extra points: this is a one-arm design with source group destination applied (to return server traffic to the CSS) and traffic is https with SSL terminating at the servers (no SSL module). Content rules are set to be sticky for srcip. Both CSSs are answering content-based DNS queries for the same URL with their local VIP address (but controlling which DNS server clients query isn't readily possible, so static proximity using DNS didn't provide the answer).

Each CSS is in a different data center: the idea is to keep traffic local by redirecting non-local traffic to its "local" (the other) CSS if services are active (and to keep traffic on the first CSS if the services at the redirected-to CSS are down).

Don't want too much, do I? ;-)

Thanks for everyone's time -

-K.

The type 'redirect' is for http traffic only.

You can't create an http redirect response and forward it in an HTTPS connection.

So even if the ACL was matching the correct clause it would not work.

If you want to create a redirect you first need to decrypt the traffic on the CSS with an SSL module.

Regards,

Gilles.
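
To compare the hit counters from a show of the ACL against what each clause should catch, the following first-match model computes the expected clause for a client source IP; it is an added example, not part of the original posts and not CSS code, and it says nothing about the HTTPS limitation described above. It assumes first-match evaluation with both the clause base and the client address masked before comparison, which the thread does not confirm for the CSS; clause number 99 and the test client addresses are constructed.

```python
import ipaddress

# Constructed clause list modelled on the ACL described in the thread:
# clause 10 for the networks to redirect, then a final catch-all clause.
CLAUSES = [
    (10, "1.1.1.0", "255.255.252.0"),  # source and mask as written in the post
    (99, "0.0.0.0", "0.0.0.0"),        # hypothetical number for the "any any" clause
]

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def base_is_aligned(base, mask):
    """True when the clause base has no bits set outside the mask."""
    return (to_int(base) & ~to_int(mask) & 0xFFFFFFFF) == 0

def covered_range(base, mask):
    """First and last source address selected by base/mask after masking."""
    m = to_int(mask)
    first = to_int(base) & m
    last = first | (~m & 0xFFFFFFFF)
    return str(ipaddress.IPv4Address(first)), str(ipaddress.IPv4Address(last))

def first_match(src_ip, clauses=CLAUSES):
    """Number of the first clause whose masked base equals the masked client IP."""
    ip = to_int(src_ip)
    for number, base, mask in clauses:
        m = to_int(mask)
        if (ip & m) == (to_int(base) & m):
            return number
    return None

def expected_hits(client_ips, clauses=CLAUSES):
    """Per-clause hit counts to set beside the counters the device reports."""
    hits = {number: 0 for number, _, _ in clauses}
    for ip in client_ips:
        number = first_match(ip, clauses)
        if number is not None:
            hits[number] += 1
    return hits

if __name__ == "__main__":
    print("clause 10 base aligned to mask:", base_is_aligned("1.1.1.0", "255.255.252.0"))
    print("clause 10 covers:", covered_range("1.1.1.0", "255.255.252.0"))
    # Constructed test clients: two inside the masked range, two outside it.
    print(expected_hits(["1.1.0.9", "1.1.3.200", "1.1.4.1", "198.51.100.7"]))
```

If the device's counters differ from the expected hits for known test clients, check whether the ACL is applied on the circuit and in the direction those clients' packets actually take.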
