
http to https redirection URL

gaboughanem

Hello,

I have a 4710 appliance (one-armed) and I am load balancing with two webservers. In the URL, there are links that need to be redirected to https:

Main link: http://www.mydomain.com/autoforms/portal/home/E-Auction

Sublink1: http://www.mydomain.com/autoforms/portal/home/E-Auction/About%20e-Auction

Sublink2: http://www.mydomain.com/autoforms/portal/home/E-Auction/Terms%20and%20Conditions

Sublink3: http://www.mydomain.com/autoforms/portal/home/E-Auction/How%20to%20Bid

I am using the

rserver redirect REDIRECT-TO-HTTPS
  webhost-redirection https://mydomain.com/autoforms/portal/home/E-Auction
  inservice

The https is working but I have a problem. When I access the Main link "first" it is redirected to https to the Main link.

But if I access one of the Sublinks directly (without having to click on the main link first) the page is redirected to https but to the Main Link. I have to click the Sublink again in order to get the page.

How can I redirect to https and stay on the same page? What might be the general link in the webserver-redirection?

Thank you in advance

George

4 Replies

ciscocsoc

Hi George,

From the Server Load-Balancing Guide:

"The syntax of this command is as follows:

webhost-redirection relocation_string [301 | 302]

The keywords and arguments are as follows:

• relocation_string—URL string used to redirect requests to another server. Enter an unquoted text string with no spaces and a maximum of 255 alphanumeric characters. The relocation string supports the following special characters:

  – %h—Inserts the hostname from the request Host header

  – %p—Inserts the URL path string from the request"

So you need to use %p for the path.

HTH

Cathy

Hi Cathy

Thank you for your support, the above guide worked.

I have one more question though, the customer is asking to make the redirection more dynamic.

Instead of specifying a specific URL for redirection, the server must request from ACE to change the URL from http to https.

This is because of future changes in the website and they don't want to add or modify any changes in the ACE in case a new link is added and needs https redirect.

Do you have any idea on how to do this?

Thank you

George

Hi George,

If I understand this correctly, you just need to use a webhost-relocation like this:

rserver redirect REDIRECT-TO-HTTPS
  webhost-redirection https://%h%p
  inservice

With this the ACE is going to keep the domain and the URI of the request.

Cesar

--------------------- Cesar R ANS Team
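
The static relocation string from the first post next to the https://%h%p form suggested above, as a small Python model added here (not ACE code and not from any poster). Because %h copies the client-supplied Host header into the Location value, the model also checks that host against an allowlist; ALLOWED_HOSTS and both function names are assumptions.

```python
# Added illustration: models the %h / %p substitution quoted from the guide.
# Not ACE code. ALLOWED_HOSTS and both function names are hypothetical.

ALLOWED_HOSTS = {"www.mydomain.com", "mydomain.com"}  # assumed site names


def expand_relocation(template, host, path):
    """Expand %h and %p in one left-to-right pass over the template only,
    so a '%h' or '%p' inside the request path is never re-expanded."""
    out, i = [], 0
    while i < len(template):
        if template.startswith("%h", i):
            out.append(host)
            i += 2
        elif template.startswith("%p", i):
            out.append(path)
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)


def redirect_location(template, host_header, path, allowed=ALLOWED_HOSTS):
    """Return the Location value, or None when %h would reflect a Host
    header that is not one of the site's own names."""
    hostname = host_header.split(":", 1)[0].strip().lower()  # drop any :port
    if "%h" in template and hostname not in allowed:
        return None
    return expand_relocation(template, hostname, path)


STATIC = "https://mydomain.com/autoforms/portal/home/E-Auction"
DYNAMIC = "https://%h%p"

if __name__ == "__main__":
    # Constructed requests based on the URLs in the thread.
    sub = "/autoforms/portal/home/E-Auction/How%20to%20Bid"
    print(redirect_location(STATIC, "www.mydomain.com", sub))   # main link only
    print(redirect_location(DYNAMIC, "www.mydomain.com", sub))  # same page, https
    print(redirect_location(DYNAMIC, "other.example", sub))     # Host not ours
```
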

Hi Cesar,

Thank you for your reply. This is what I did and it is working but I need the redirection to be more dynamic.

What I did in the policy-map called "WEB2" is a "match" that matches part of the URL.

In this case, the ACE is redirecting the connection to https because I specified the URL to match.

What is needed by the customer is to let the server tell the ACE to change the connection to https. This is because new/changed link(s) might be added/changed on the website that need https redirect.

Note, the ACE is one-armed and the default gateway of the servers is not the ACE.

In this case, I do not match part of the URL but wait for the server to send a request to ACE for redirection.

I hope I clarified the issue and if this can be done.

Below is part of the configuration.

Thank you,

George

rserver redirect REDIRECT-TO-HTTPS
  webhost-redirection https://%h%p 301
  inservice
rserver host WEB-1
  ip address 192.168.11.80
  conn-limit max 4000000 min 4000000
  inservice
rserver host WEB-2
  ip address 192.168.11.81
  conn-limit max 4000000 min 4000000


action-list type modify http urlrewrite
  ssl url rewrite location "www\.mydomain\.com"

serverfarm redirect REDIRECT-SERVERFARM
  predictor least-loaded probe PROBE_SNMP
  rserver REDIRECT-TO-HTTPS
    inservice

serverfarm host WEB-Farm
  predictor least-loaded probe PROBE_SNMP
  probe PROBE_SNMP
  probe url
  rserver WEB-1 80
    conn-limit max 4000000 min 4000000
    inservice
  rserver WEB-2 80
    conn-limit max 4000000 min 4000000

sticky ip-netmask 255.255.255.255 address source sticky-WEB
  timeout 900
  replicate sticky
  serverfarm WEB-Farm
sticky http-cookie SSL-PROXY COOKIE-STICKY
  cookie insert browser-expire
  timeout 60
  replicate sticky
  serverfarm WEB-Farm
sticky http-cookie SSL-PROXY COOKIE-STICKY-Redirect
  cookie insert browser-expire
  timeout 60
  replicate sticky
  serverfarm REDIRECT-SERVERFARM


class-map match-any CLASS-WEB
  2 match virtual-address 192.168.11.140 tcp eq https
class-map match-any CLASS-WEB2
  2 match virtual-address 192.168.11.140 tcp eq www
class-map type http loadbalance match-all L7_SERVER_CLASS
  description Sticky for SSL_T
  2 match http url .*.jpg
  3 match source-address 192.168.11.0 255.255.255.0
class-map type http loadbalance match-all L7_SLB-HTTP_CLASS
  2 match http url .*
  3 match source-address 192.168.11.0 255.255.255.0


policy-map type loadbalance first-match L7_SSL-TERM_POLICY
  class class-default
    sticky-serverfarm COOKIE-STICKY
    action urlrewrite
    insert-http X-Forwarded-Scheme header-value "%is"
    insert-http X-Forwarded-For header-value "%pd"

policy-map type loadbalance first-match WEB2
  match auction http url /autoforms/portal/home/E-Auction.*
    sticky-serverfarm COOKIE-STICKY-Redirect
    action urlrewrite
    insert-http X-Forwarded-For header-value "%is"
    insert-http X-Forwarded-Scheme header-value "%pd"
  class class-default
    sticky-serverfarm COOKIE-STICKY
    action urlrewrite
    insert-http X-Forwarded-Scheme header-value "%is"
    insert-http X-Forwarded-For header-value "%pd"


policy-map multi-match L4-VIP_POLICY
  class CLASS-WEB2
    loadbalance vip inservice
    loadbalance policy WEB2
    loadbalance vip icmp-reply
    nat dynamic 1 vlan 6
    connection advanced-options TCP_PARAM
policy-map multi-match L4_SSL-VIP_POLICY
  class CLASS-WEB
    loadbalance vip inservice
    loadbalance policy L7_SSL-TERM_POLICY
    loadbalance vip icmp-reply
    nat dynamic 1 vlan 6
    ssl-proxy server SSL_PROXY
    connection advanced-options TCP_PARAM

interface vlan 6
  ip address 192.168.11.84 255.255.255.0
  alias 192.168.11.82 255.255.255.0
  peer ip address 192.168.11.85 255.255.255.0
  no normalization
  no icmp-guard
  access-group input input1
  nat-pool 1 192.168.11.140 192.168.11.140 netmask 255.255.255.255 pat
  service-policy input Management_Policy
  service-policy input L4_SSL-VIP_POLICY
  service-policy input L4-VIP_POLICY
  no shutdown
