09-26-2011 11:41 AM
Hello,
I have a 4710 appliance (one armed) and I am load balancing with two webservers. In the URL, there are links that need to be redirected to https:
Main link: http://www.mydomain.com/autoforms/portal/home/E-Auction
Sublink1: http://www.mydomain.com/autoforms/portal/home/E-Auction/About%20e-Auction
Sublink2: http://www.mydomain.com/autoforms/portal/home/E-Auction/Terms%20and%20Conditions
Sublink3: http://www.mydomain.com/autoforms/portal/home/E-Auction/How%20to%20Bid
I am using the
rserver redirect REDIRECT-TO-HTTPS
  webhost-redirection https://mydomain.com/autoforms/portal/home/E-Auction
  inservice
The https is working but I have a problem. When I access the Main link "first", it is redirected to https to the Main link.
But if I access one of the Sublinks directly (without having to click on the main link first), the page is redirected to https but to the Main link. I have to click the Sublink again in order to get the page.
How can I redirect to https and stay on the same page? What might be the general link in the webserver-redirection?
Thank you in advance
George
09-27-2011 03:00 AM
Hi George,
From the Server Load-Balancing Guide:
"The syntax of this command is as follows:
webhost-redirection relocation_string [301 | 302]
The keywords and arguments are as follows:
• relocation_string—URL string used to redirect requests to another server. Enter an unquoted text string with no spaces and a maximum of 255 alphanumeric characters. The relocation string supports the following special characters:
  – %h—Inserts the hostname from the request Host header
  – %p—Inserts the URL path string from the request"
- so you need to use %p for the path.
HTH
Cathy
09-27-2011 11:13 AM
Hi Cathy
Thank you for your support, the above guide worked.
I have one more question though: the customer is asking to make the redirection more dynamic.
Instead of specifying a specific URL for redirection, the server must request from ACE to change the URL from http to https.
This is because of future changes in the website, and they don't want to add or modify any changes in the ACE in case a new link is added and needs https redirect.
Do you have any idea on how to do this?
Thank you
George
09-28-2011 11:09 AM
Hi George,
If I understand this correctly, you just need to use a webhost-relocation like this:
rserver redirect REDIRECT-TO-HTTPS
  webhost-redirection https://%h%p
  inservice
With this the ACE is going to keep the domain and the URI of the request.
Cesar
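Added example, not part of the original thread and not Cisco code: a small Python model of the `%h`/`%p` expansion quoted from the guide, showing why the fixed relocation string drops the sublink path while `https://%h%p` keeps it. Because `%h` is filled from the client-supplied Host header, the model also checks the host against an allow-list before redirecting; that check, the allow-list contents, the port stripping and all function names are assumptions of this example.

```python
# Added illustration: a model of the relocation-string expansion, not ACE code.
ALLOWED_HOSTS = {"www.mydomain.com", "mydomain.com"}  # assumed allow-list

def expand(template, host, path):
    """Substitute %h and %p in one pass so inserted text is never rescanned."""
    out, i = [], 0
    while i < len(template):
        token = template[i:i + 2]
        if token == "%h":
            out.append(host)
            i += 2
        elif token == "%p":
            out.append(path)
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)

def normalise_host(host_header):
    """Lower-case the Host header value and drop an optional :port suffix."""
    return host_header.strip().lower().split(":")[0]

def redirect_for(template, host_header, path, allowed=ALLOWED_HOSTS):
    """Return (status, Location); unknown hosts get 400 and no redirect."""
    host = normalise_host(host_header)
    if host not in allowed:
        return 400, None
    return 301, expand(template, host, path)

# Constructed sample request, using a sublink path from the thread.
SUBLINK = "/autoforms/portal/home/E-Auction/How%20to%20Bid"
STATIC = "https://mydomain.com/autoforms/portal/home/E-Auction"
DYNAMIC = "https://%h%p"

if __name__ == "__main__":
    print(redirect_for(STATIC, "www.mydomain.com", SUBLINK))    # lands on the Main link
    print(redirect_for(DYNAMIC, "www.mydomain.com", SUBLINK))   # keeps the sublink path
    print(redirect_for(DYNAMIC, "unrelated.example", SUBLINK))  # host not allowed
```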
09-29-2011 03:55 AM
Hi Cesar,
Thank you for your reply. This is what I did and it is working, but I need the redirection to be more dynamic.
What I did is add, in the policy-map called "WEB2", a "match" that matches part of the URL.
In this case, the ACE is redirecting the connection to https because I specified the URL to match.
What is needed by the customer is to let the server tell the ACE to change the connection to https. This is because new/changed link(s) might be added/changed on the website that need https redirect.
Note, the ACE is one-armed and the default gateway of the servers is not the ACE.
In this case, I do not match part of the URL but wait for the server to send a request to the ACE for redirection.
I hope I clarified the issue and whether this can be done.
Below is part of the configuration.
Thank you,
George
rserver redirect REDIRECT-TO-HTTPS
  webhost-redirection https://%h%p 301
  inservice
rserver host WEB-1
  ip address 192.168.11.80
  conn-limit max 4000000 min 4000000
  inservice
rserver host WEB-2
  ip address 192.168.11.81
  conn-limit max 4000000 min 4000000
action-list type modify http urlrewrite
  ssl url rewrite location "www\.mydomain\.com"
serverfarm redirect REDIRECT-SERVERFARM
  predictor least-loaded probe PROBE_SNMP
  rserver REDIRECT-TO-HTTPS
    inservice
serverfarm host WEB-Farm
  predictor least-loaded probe PROBE_SNMP
  probe PROBE_SNMP
  probe url
  rserver WEB-1 80
    conn-limit max 4000000 min 4000000
    inservice
  rserver WEB-2 80
    conn-limit max 4000000 min 4000000
sticky ip-netmask 255.255.255.255 address source sticky-WEB
  timeout 900
  replicate sticky
  serverfarm WEB-Farm
sticky http-cookie SSL-PROXY COOKIE-STICKY
  cookie insert browser-expire
  timeout 60
  replicate sticky
  serverfarm WEB-Farm
sticky http-cookie SSL-PROXY COOKIE-STICKY-Redirect
  cookie insert browser-expire
  timeout 60
  replicate sticky
  serverfarm REDIRECT-SERVERFARM
class-map match-any CLASS-WEB
  2 match virtual-address 192.168.11.140 tcp eq https
class-map match-any CLASS-WEB2
  2 match virtual-address 192.168.11.140 tcp eq www
class-map type http loadbalance match-all L7_SERVER_CLASS
  description Sticky for SSL_T
  2 match http url .*.jpg
  3 match source-address 192.168.11.0 255.255.255.0
class-map type http loadbalance match-all L7_SLB-HTTP_CLASS
  2 match http url .*
  3 match source-address 192.168.11.0 255.255.255.0
policy-map type loadbalance first-match L7_SSL-TERM_POLICY
  class class-default
    sticky-serverfarm COOKIE-STICKY
    action urlrewrite
    insert-http X-Forwarded-Scheme header-value "%is"
    insert-http X-Forwarded-For header-value "%pd"
policy-map type loadbalance first-match WEB2
  match auction http url /autoforms/portal/home/E-Auction.*
    sticky-serverfarm COOKIE-STICKY-Redirect
    action urlrewrite
    insert-http X-Forwarded-For header-value "%is"
    insert-http X-Forwarded-Scheme header-value "%pd"
  class class-default
    sticky-serverfarm COOKIE-STICKY
    action urlrewrite
    insert-http X-Forwarded-Scheme header-value "%is"
    insert-http X-Forwarded-For header-value "%pd"
policy-map multi-match L4-VIP_POLICY
  class CLASS-WEB2
    loadbalance vip inservice
    loadbalance policy WEB2
    loadbalance vip icmp-reply
    nat dynamic 1 vlan 6
    connection advanced-options TCP_PARAM
policy-map multi-match L4_SSL-VIP_POLICY
  class CLASS-WEB
    loadbalance vip inservice
    loadbalance policy L7_SSL-TERM_POLICY
    loadbalance vip icmp-reply
    nat dynamic 1 vlan 6
    ssl-proxy server SSL_PROXY
    connection advanced-options TCP_PARAM
interface vlan 6
  ip address 192.168.11.84 255.255.255.0
  alias 192.168.11.82 255.255.255.0
  peer ip address 192.168.11.85 255.255.255.0
  no normalization
  no icmp-guard
  access-group input input1
  nat-pool 1 192.168.11.140 192.168.11.140 netmask 255.255.255.255 pat
  service-policy input Management_Policy
  service-policy input L4_SSL-VIP_POLICY
  service-policy input L4-VIP_POLICY
  no shutdown