08-11-2006 12:38 AM
Hi guys, a customer of mine wants to redirect a URL on port 80 to a different URL on port 443.
He does not want the customer to have to type in a URL, and also wants the new https URL to shown in the browser.
Is this easily achieved on the CSS via the domain/redirect commands. From what I read the CSS will only redirect on receiving an http 302 (page moved) message. Can it redirect even if the server is still up - I know you can very simply do this just by changing the service IP address and port but then the URL does not change in the browser.
cheers,
Mike
Solved! Go to Solution.
08-11-2006 03:56 AM
Mike,
you are actually mixing 2 features here.
The CSS with the SSL module can parse server response and modify a 302 redirect to an HTTP page into a redirect to an HTTPS page.
In your case, you need to intercept all traffic and create your own redirect.
This is possible as well.
Here is a link to the documentation :
Gilles.
08-11-2006 03:56 AM
Mike,
you are actually mixing 2 features here.
The CSS with the SSL module can parse server response and modify a 302 redirect to an HTTP page into a redirect to an HTTPS page.
In your case, you need to intercept all traffic and create your own redirect.
This is possible as well.
Here is a link to the documentation :
Gilles.
09-28-2006 05:55 AM
From the documentation: This example demonstrates a site that is required to operate over HTTPS exclusively. If a user comes into the site using HTTP, the CSS sends the user an HTTP redirect to come back in via HTTPS.
I don't think this guy wants his entire site to run via https... just a partiuclar URL.
I have the same issue. I have 3 domains going through my CSS and I'd like to have one of them auto redirect to https, but leave the other domains alone. Tried to adapt this documentation to it, but it doesn't work.
09-28-2006 06:15 AM
this is feasible.
All you have to do is split the content rule in as many parts as needed.
For example, if you want www.aaa.com to be encrypted but not the other site, here is what you can do.
content AAA
vip x.x.x.x
proto tcp
port 80
url "//www.aaa.com/*"
add service REDIRECT
active
content ALL
vip x.x.x.x
proto tcp
port 80
url "/*"
add service LOCAL-80-1
add service LOCAL-80-2
...
active
content AAA-HTTPS
vip x.x.x.x
proto tcp
port 443
add service LOCAL-443-1
...
active
So, the first rule says that if traffic matches www.aaa.com it should be sent a rediret message [see previous post for more info on how to do this], for all the other HTTP traffic simply loadbalance and for HTTPS traffic loadbalance to HTTPS servers.
The opposite is not possible.
You can't intercept HTTPS traffic and redirect it to HTTP.
This could be done with an SSL module but then you could not use 1 vip for all, since SSL uses certificate which are linked to domain name.
Gilles.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide