Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2781
Views
0
Helpful
4
Replies

URL Rewrite - Remove port number in URL

stephg
Level 1
Level 1

‎02-02-2013 01:03 PM

Hi,

When connecting to an IBM Websphere thru the ACE, the user gets a return URL with a port number which blocks communications since only port 80 is permitted.

Ex: user goes to http://maximo.abc.com

The browser gets back the following url http://maximo.abc.com:9081/maximo from the device which is than blocked by the ACE because of the 9081 port number

How would I rewrite to remove the port number (ex: 9081) in the url

Thank you

Labels:
0 Helpful
4 Replies 4

Kanwaljeet Singh
Cisco Employee
Cisco Employee

‎02-02-2013 11:15 PM

Hi,

Do you want to remove the port from the server reply by ACE or you want to make changes on the server itself to not include while issuing the redirect?

If on ACE you can use action list type modify http and modify the location header server reply and then apply it to the appropriate policy.

That should work.

Regards,

Kanwal

0 Helpful

stephg
Level 1
Level 1
In response to Kanwaljeet Singh

‎02-08-2013 12:24 PM

Hi,

I want to remove the port from the server reply by ACE. They do not seem to have the option to make the change on the server itself.

How would I go about doing this on the ACE.

Here is the configurations relating to the server farms from which I would like to remove the port numbert in URL.

Thank you!

serverfarm host maximo.test.ca-HTTP

  failaction purge

  predictor leastconns

  rserver CAMTSCPCE865 9081

    probe TCP_9081

    inservice

  rserver CAMTSCPCE865 9083

    probe TCP_9083

    inservice

  rserver CAMTSCPCE865 9085

    probe TCP_9085

    inservice

  rserver CAMTSCPCE866 9082

    probe TCP_9082

    inservice

  rserver CAMTSCPCE866 9084

    probe TCP_9084

    inservice

  rserver CAMTSCPCE866 9086

    probe TCP_9086

    inservice

serverfarm host maximo.test.ca-HTTPS

  failaction purge

  predictor leastconns

  rserver CAMTSCPCE865 9444

    probe TCP_9444

    inservice

  rserver CAMTSCPCE865 9446

    probe TCP_9446

    inservice

  rserver CAMTSCPCE865 9448

    probe TCP_9448

    inservice

  rserver CAMTSCPCE866 9445

    probe TCP_9445

    inservice

  rserver CAMTSCPCE866 9447

    probe TCP_9447

    inservice

  rserver CAMTSCPCE866 9449

    probe TCP_9449

    inservice

serverfarm host maximomif.test.ca-HTTP

  failaction purge

  predictor leastconns

  rserver CAMTSCPCE865 9087

    probe TCP_9087

    inservice

  rserver CAMTSCPCE866 9088

    probe TCP_9088

    inservice

serverfarm host maximomif.test.ca-HTTPS

  failaction purge

  predictor leastconns

  rserver CAMTSCPCE865 9450

    probe TCP_9450

    inservice

  rserver CAMTSCPCE866 9451

    probe TCP_9451

    inservice

serverfarm host maximosys.test.ca-HTTP

  failaction purge

  predictor leastconns

  rserver CAMTSCPCE865 9089

    probe TCP_9089

    inservice

  rserver CAMTSCPCE866 9090

    probe TCP_9090

    inservice

serverfarm host maximosys.test.ca-HTTPS

  failaction purge

  predictor leastconns

  rserver CAMTSCPCE865 9452

    probe TCP_9452

    inservice

  rserver CAMTSCPCE866 9455

    probe TCP_9455

    inservice

sticky ip-netmask 255.255.255.255 address source maximo.test.ca-HTTP-PERSIST

  timeout 5

  replicate sticky

  serverfarm maximo.test.ca-HTTP

sticky ip-netmask 255.255.255.255 address source maximo.test.ca-HTTPS-PERSIST

  timeout 5

  replicate sticky

  serverfarm maximo.test.ca-HTTPS

sticky ip-netmask 255.255.255.255 address source maximomif.test.ca-HTTP-PERSIST

  timeout 5

  replicate sticky

  serverfarm maximomif.test.ca-HTTP

sticky ip-netmask 255.255.255.255 address source maximomif.test.ca-HTTPS-PERSIST

  timeout 5

  replicate sticky

  serverfarm maximomif.test.ca-HTTPS

sticky ip-netmask 255.255.255.255 address source maximosys.test.ca-HTTP-PERSIST

  timeout 5

  replicate sticky

  serverfarm maximosys.test.ca-HTTP

sticky ip-netmask 255.255.255.255 address source maximosys.test.ca-HTTPS-PERSIST

  timeout 5

  replicate sticky

  serverfarm maximosys.test.ca-HTTPS

class-map match-any VIP-maximo.test.ca-HTTP

  2 match virtual-address 10.130.245.41 tcp eq www

  3 match virtual-address 10.130.245.41 tcp range 9081 9086

class-map match-any VIP-maximo.test.ca-HTTPS

  2 match virtual-address 10.130.245.41 tcp eq https

  3 match virtual-address 10.130.245.41 tcp range 9444 9449

class-map match-any VIP-maximomif.test.ca-HTTP

  2 match virtual-address 10.130.245.42 tcp eq www

  3 match virtual-address 10.130.245.42 tcp range 9087 9088

class-map match-any VIP-maximomif.test.ca-HTTPS

  2 match virtual-address 10.130.245.42 tcp eq https

  3 match virtual-address 10.130.245.42 tcp range 9450 9451

class-map match-any VIP-maximosys.test.ca-HTTP

  2 match virtual-address 10.130.245.43 tcp eq www

  3 match virtual-address 10.130.245.43 tcp range 9089 9090

class-map match-any VIP-maximosys.test.ca-HTTPS

  2 match virtual-address 10.130.245.43 tcp eq https

  3 match virtual-address 10.130.245.43 tcp eq 9452

  4 match virtual-address 10.130.245.43 tcp eq 9455

policy-map type loadbalance first-match L7-POLICY-maximo.test.ca-HTTP

  class class-default

    sticky-serverfarm maximo.test.ca-HTTP-PERSIST

policy-map type loadbalance first-match L7-POLICY-maximo.test.ca-HTTPS

  class class-default

    sticky-serverfarm maximo.test.ca-HTTPS-PERSIST

policy-map type loadbalance first-match L7-POLICY-maximomif.test.ca-HTTP

  class class-default

    sticky-serverfarm maximomif.test.ca-HTTP-PERSIST

policy-map type loadbalance first-match L7-POLICY-maximomif.test.ca-HTTPS

  class class-default

    sticky-serverfarm maximomif.test.ca-HTTPS-PERSIST

policy-map type loadbalance first-match L7-POLICY-maximosys.test.ca-HTTP

  class class-default

    sticky-serverfarm maximosys.test.ca-HTTP-PERSIST

policy-map type loadbalance first-match L7-POLICY-maximosys.test.ca-HTTPS

  class class-default

    sticky-serverfarm maximosys.test.ca-HTTPS-PERSIS

policy-map multi-match L4-VIP-LB-Policy-vlan411

class VIP-maximo.test.ca-HTTP

    loadbalance vip inservice

    loadbalance policy L7-POLICY-maximo.test.ca-HTTP

    loadbalance vip icmp-reply active

    loadbalance vip advertise active

    nat dynamic 8 vlan 411

  class VIP-maximo.test.ca-HTTPS

    loadbalance vip inservice

    loadbalance policy L7-POLICY-maximo.test.ca-HTTPS

    loadbalance vip icmp-reply active

    loadbalance vip advertise active

    nat dynamic 8 vlan 411

  class VIP-maximomif.test.ca-HTTP

    loadbalance vip inservice

    loadbalance policy L7-POLICY-maximomif.test.ca-HTTP

    loadbalance vip icmp-reply active

    loadbalance vip advertise active

    nat dynamic 8 vlan 411

  class VIP-maximomif.test.ca-HTTPS

    loadbalance vip inservice

    loadbalance policy L7-POLICY-maximomif.test.ca-HTTPS

    loadbalance vip icmp-reply active

    loadbalance vip advertise active

    nat dynamic 8 vlan 411

  class VIP-maximosys.test.ca-HTTP

    loadbalance vip inservice

    loadbalance policy L7-POLICY-maximosys.test.ca-HTTP

    loadbalance vip icmp-reply active

    loadbalance vip advertise active

    nat dynamic 8 vlan 411

  class VIP-maximosys.test.ca-HTTPS

    loadbalance vip inservice

    loadbalance policy L7-POLICY-maximosys.test.ca-HTTPS

    loadbalance vip icmp-reply active

    loadbalance vip advertise active

    nat dynamic 8 vlan 411

0 Helpful

rhgtyink
Level 1
Level 1
In response to stephg

‎02-08-2013 12:33 PM

Hi,

Do users only connect to port 80 or 443 on the VIPs?

In that case you can let the ACE do the Port NAT without to much trouble.

No need to 'rewrite' if you make sure your VIP only matches HTTP traffic and your rservers have a different port the ACE with autmatically NAT the ports for you. So that you have the following flow

client -> http (80) -> VIP IP -> rserver (9081)

If this is the desired setup changing this policy map from as-is:

class-map match-any VIP-maximo.test.ca-HTTP

  2 match virtual-address 10.130.245.41 tcp eq www

  3 match virtual-address 10.130.245.41 tcp range 9081 9086

to-be:

class-map match-any VIP-maximo.test.ca-HTTP

  2 match virtual-address 10.130.245.41 tcp eq www

Should be enough.

0 Helpful

stephg
Level 1
Level 1
In response to rhgtyink

‎02-08-2013 06:13 PM

Hi,

The problem is that server forces the port number in the URL. I would like to remove it.

Ex: user goes to http://maximo.test.ca
The browser gets back the following url http://maximo.test.ca:9081/maximo from the device which is than blocked by the ACE because of the 9081 port number.

Sent from Cisco Technical Support iPad App

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card