Solved: Re: URL Redirection/Rewriting in ACE 4710

akhil.abrol · ‎12-14-2010

Hello Experts,

How can i redirect/rewrite an application url in ACE? I searched all the threads but didnt get what I want.

My requirement is,

If my company's DC will go down, the DR will come up and the application traffic will be redirected to DR (thats the job of DNS). Till this, things are fine. The application URL will get a new VIP which will be on DR ACE.

Now the requirement is, the URL should also be changed to lets say, http://dr.idam.company.com from http://idam.company.com

It is just to let people know that DR is active right now. Can i achieve this? Is this possible on ACE?

Thanks in advance..

Surya ARBY · ‎12-20-2010

The mistake seems to be here :

class-map type http loadbalance match-any IDAM-Redir
2 match http header Host header-value "http://172.18.133.29:7777"

it should be :

class-map type http loadbalance match-any IDAM-Redir
2 match http header Host header-value "172.18.133.29"

or

class-map type http loadbalance match-any IDAM-Redir
2 match http header Host header-value "172.18.133.29:7777"

Just run a live HTTP Header extension in a firefox (or a wireshark) to see what the exact value in the HTTP header is.

Another (better option), use your real names according to the production environment and change your host file on your computer and make copy/paste of the class-map I sent before.

View solution in original post

Gilles Dufour · ‎12-14-2010

you can't rewrite url inside http response. This is just not possible.

But you can intercept all requests for "http://idam.company.com" and send a redirect to "http://dr.idam.company.com" but if the server keeps using the first url, for each object and each link ACE will need to intercept the main request and send a redirect.

So, this will be transparent for the end users, but they will probably detect some kind of slowness.

Gilles.

akhil.abrol · ‎12-14-2010

Hi Gilles,

Yes, I am looking for a solution like this..

Since the VIP of application http://idam.company.com will be changed by DNS, the traffic will be hitting DR ACE. No issue in that. But the DR application is URL sensitive. It will not respond if users will hit http://idam.company.com as the application is configured as http://dr.idam.company.com

So, the first request from user will come as http://idam.company.com, the ACE will redirect it to http://dr.idam.company.com and application will reply. After that it will be normal.

Thanks in advance..

Gilles Dufour · ‎12-14-2010

The redirect question came many times, so there should be examples somewhere on this forum.

I found one here to redirect from http to https.

https://supportforums.cisco.com/message/465049#465049

Check the redirect rserver and in your case you will replace the %h which represent the hostname with your own name.

So you should get something like

http://dr.idam.company.com/%p

The %p means you want to keep the path.

Gilles.

akhil.abrol · ‎12-17-2010

Hi Gilles,

Before making the changes in production, I tested them on a test server. But it didnt work. Need your help to know what i am doing wrong. I was trying to post reply here since 2 days but when i was logging here in forums it wasnt working. Just now it is working. Dont know, may be some ISP issue. Anyway, here is the config i did..

rserver redirect IDAM-REDIRECT
webhost-redirection http://10.105.98.18:7777/access/oblix/%p
inservice

rserver host IDAM-Redir-18
ip address 10.105.98.18
inservice

serverfarm host IDAM-Redir-Test
probe ICMP-ICMP-Probe
probe TCP-7777
rserver IDAM-Redir-18
inservice

serverfarm redirect IDAM-Redirect
rserver IDAM-REDIRECT
inservice

class-map type http loadbalance match-any IDAM-Redir
2 match http url http://172.18.133.29:7777
class-map match-any IDAM-Redir-VIP
2 match virtual-address 172.18.133.29 tcp eq 7777

policy-map type loadbalance http first-match IDAM-REDIR
class IDAM-Redir
serverfarm IDAM-Redirect
class class-default
serverfarm IDAM-Redir-Test

policy-map multi-match All_Policy_Maps
class IDAM-Redir-VIP
    loadbalance vip inservice
    loadbalance policy IDAM-REDIR
    loadbalance vip icmp-reply
    nat dynamic 98 vlan 98

http://10.105.98.18:7777/access/oblix/ is the complete URL of the application. What i was trying to do is, if i hit http://172.18.133.29:7777 i should be able to open the application be redirect. Otherwise, it should open normally.

It seems the redirection isnt working. I still have to put /access/oblix/ after the VIP to open the page.

Thanks for the support.

Surya ARBY · ‎12-17-2010

You have to match the Host field in your class-map and then send the request to webhost-redirection sending a 302, I'll try to make a config for you

Surya ARBY · ‎12-17-2010

You have two choices, looking for the pattern you want and send a redirect, or rewrite the value of the Host field in the HTTP requests.

I'll detail my view of the first solution (the second is very simple), not sure of the syntax, please check.

// define the target URL according to the parameters of the incoming requests

rserver redirect IDAM-REDIRECT
webhost-redirection http://dr.idam.company.com/%p 302
inservice

exit

// define and enable the redirection

serverfarm redirect DR-REDIRECT-SF

rserver IDAM-REDIRECT
inservice

exit

// match the wrong name

class-map type http loadbalance match-all DR-REDIRECT-CM

2 match http header Host header-value "idam[.]company[.]com"

exit

// send the redirection when matching the class-map

policy-map type loadbalance first-match DR-CLASSIFY

class DR-REDIRECT-CM

serverfarm DR-REDIRECT-SF

exit

akhil.abrol · ‎12-19-2010

Hi Surya,

I tried with the config you gave but it still doesnt work. The redirection isnt working.

rserver redirect IDAM-REDIRECT
webhost-redirection http://10.105.98.18:7777/access/oblix/%p 302
inservice
rserver host IDAM-Redir-18
ip address 10.105.98.18
inservice

serverfarm host IDAM-Redir-Test
probe ICMP-ICMP-Probe
probe TCP-7777
rserver IDAM-Redir-18
inservice
serverfarm redirect IDAM-Redirect
rserver IDAM-REDIRECT
inservice

class-map type http loadbalance match-any IDAM-Redir
2 match http header Host header-value "http://172.18.133.29:7777"
class-map match-any IDAM-Redir-VIP
2 match virtual-address 172.18.133.29 tcp eq 7777

policy-map type loadbalance http first-match IDAM-REDIR
class IDAM-Redir
serverfarm IDAM-Redirect
class class-default
serverfarm IDAM-Redir-Test

policy-map multi-match All_Policy_Maps

class IDAM-Redir-VIP
    loadbalance vip inservice
    loadbalance policy IDAM-REDIR
    loadbalance vip icmp-reply
    nat dynamic 98 vlan 98

Surya ARBY · ‎12-20-2010

The mistake seems to be here :

class-map type http loadbalance match-any IDAM-Redir
2 match http header Host header-value "http://172.18.133.29:7777"

it should be :

class-map type http loadbalance match-any IDAM-Redir
2 match http header Host header-value "172.18.133.29"

or

class-map type http loadbalance match-any IDAM-Redir
2 match http header Host header-value "172.18.133.29:7777"

Just run a live HTTP Header extension in a firefox (or a wireshark) to see what the exact value in the HTTP header is.

Another (better option), use your real names according to the production environment and change your host file on your computer and make copy/paste of the class-map I sent before.

akhil.abrol · ‎12-20-2010

It worked..! Thanks.. The HTTP live extension helped. I actually tried removing http but it didnt work.

Thanks a lot.. Did the testing by changing the host file also. It working fine..