HTTPS redirect on ASR 9010 BNG

Erik DeKegel
Level 1

Hi All,

 

I've successfully implemented the HTTP redirect feature for inactive users, but I'm facing an issue with redirecting non-HTTP traffic, more specifically HTTPS traffic. Most of the famous websites, like Google, Facebook and many others, have moved to HTTPS, so the feature is of no use if it doesn't work for HTTPS.


I have gone through this forum and found that it can be achieved via an Apache SSL server. Can anybody comment on the response below and on how exactly it can be done?

"The "drawback" is here that the redirect only works for non https. For an https-redirect a-like, you'd need to redirect the user offbox to say a raspberry pi running apache SSL server for the page to be displayed. This will still generate a "security" violation when they want to go to https://whateveritis.com and get redirected to your portal, but it allows for the instruction as we are discussing here."

1. Is there a config change required on the BNG for HTTPS to work?
2. As I understand it, an HTTPS server running Apache SSL is required in order to redirect the HTTPS traffic towards that server. Please comment.
3. How will the BNG intercept the HTTPS traffic? So far in what I've tested, only port 80 is being matched and the rest of the traffic was not matched, though I have mentioned port 443 in the same ACL used to redirect HTTP traffic.


Thanks,

Erik

1 Reply

Tim.Yu
Level 1

Below is my idea for reference:

The ASR also relies on an ACL to distinguish HTTP packets, but it cannot do deep parsing inside to identify the HTTP header, so the only way is to rely on the port (80). Even though you can now configure an Apache server to use whatever port you like, and Tomcat uses 8080 by default, the ASR cannot treat other ports as HTTP packets as well.

This is because the distinguishing is implemented via ACL and implemented in TCAM. This mechanism is not CPU-based logic, and it is difficult to do deep parsing inside a packet. Otherwise the forwarding performance you get would not be at the hundred-Gbps level.

For HTTPS, the ASR can distinguish via port, but it cannot distinguish any content inside.

With HTTP redirect, it can redirect your page to a system-defined portal. But with HTTPS it cannot, so there is no point in redirecting HTTPS....
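
An added example, not part of the thread and not ASR or Cisco code: a host-side Python sketch of the difference the reply describes, looking at the first client bytes on each port. On port 80 there is a readable request that can be answered with a 302; on port 443 the first bytes are a TLS ClientHello, so no plaintext redirect can be returned. `PORTAL_URL`, the `orig` query parameter and both sample payloads are constructed assumptions.

```python
from urllib.parse import quote

PORTAL_URL = "http://portal.example.net/login"  # hypothetical portal address (assumption)
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def classify_first_bytes(payload: bytes) -> str:
    """Classify the first client bytes seen after the TCP handshake."""
    if payload.startswith(HTTP_METHODS):
        return "http"
    # TLS record header: content type 0x16 (handshake), version major 0x03,
    # two length bytes, then handshake type 0x01 (ClientHello) at offset 5.
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls-client-hello"
    return "unknown"


def portal_response(payload: bytes):
    """Return the redirect bytes a portal could send, or None if none is possible."""
    if classify_first_bytes(payload) != "http":
        # The client is waiting for a TLS ServerHello. A plaintext 302 is not a
        # valid TLS record, and there is no readable HTTP request to answer.
        return None
    host = ""
    for line in payload.split(b"\r\n")[1:]:
        if line.lower().startswith(b"host:"):
            host = line.split(b":", 1)[1].strip().decode("ascii", "replace")
            break
    # Percent-encode the original host before placing it in the Location header.
    location = f"{PORTAL_URL}?orig={quote(host, safe='')}"
    return (f"HTTP/1.1 302 Found\r\nLocation: {location}\r\n"
            "Content-Length: 0\r\nConnection: close\r\n\r\n").encode()


# Constructed samples: a plaintext request and the start of a TLS ClientHello.
HTTP_SAMPLE = b"GET / HTTP/1.1\r\nHost: whateveritis.com\r\n\r\n"
TLS_SAMPLE = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B, 0x03, 0x03])

if __name__ == "__main__":
    for name, sample in (("port 80", HTTP_SAMPLE), ("port 443", TLS_SAMPLE)):
        print(name, classify_first_bytes(sample), portal_response(sample))
```
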