http to https redirection

Answered Question
May 31st, 2007
User Badges:

I have a sceanrio where I need to redirect to https from http. For example, if customers enter


http://www.sm.com should be redirected to https://www.sm.com


http://www.sm.com/portal -> https://www.sm.com/portal


The first redirect works fine. But the second redirect which is for the portal site works only when customers enter https://www.sm.com/portal. If customers enter http://www.sm.com/portal, they get redirected to https://www.sm.com due to the service redirect-sm which looks for the wildcard match "/*". I tried to be more granular with the redirect but nothing seems to work. Here is the config.


SSL termination is done on the CSS and the servers are listening on port 80. I have the following config


service smweb01-80

port 80

keepalive frequency 10

ip address 10.20.20.11

keepalive type http

keepalive port 80

active


service smweb02-80

port 80

keepalive frequency 10

keepalive type http

keepalive port 80

ip address 10.20.20.12

active


service redirect-sm

type redirect

keepalive type none

ip address 1.1.1.1

no prepend-http

redirect-string "https://www.bsm.com"

active


service redirect-sm-portal

type redirect

keepalive type none

ip address 1.1.1.1

no prepend-http

redirect-string "https://www.sm.com/portal"

active


service ssl_serv1

type ssl-accel

slot 3

add ssl-proxy-list sm

port 443

keepalive type none

active


content sm-redirect

add service redirect-sm

vip address 10.10.16.12

protocol tcp

port 80

url "/*"

active


content sm-redirect-portal

add service redirect-sm-portal

vip address 10.10.16.12

protocol tcp

port 80

url "/portal*"

active


content sm.com-decrypt

vip address 10.10.16.22

add service smweb01-80

add service smweb02-80

protocol tcp

port 81

active


Any help would be appreciated.

Correct Answer by Gilles Dufour about 10 years 4 weeks ago

http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a00801de8d6.shtml


in the url above, you'll see the 3 methods to do redirect.

You need to use option #3, with the command 'domain'.


Gilles.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
mchockalingam Fri, 06/01/2007 - 04:14
User Badges:

Gilles,


I used this link to configure the redirect service. But I am not really understanding the difference between domain and a redirect string.


I modified the following redirect service to use domain instead of a string but still http://www.sm.com/portal does not redirect to https://www.sm.com/portal but instead it redirects to https://www.sm.com


service redirect-sm-portal

type redirect

keepalive type none

ip address 1.1.1.1

no prepend-http

redirect-string "https://www.sm.com/portal"

active


mchockalingam Mon, 06/04/2007 - 09:44
User Badges:

The following config worked.


service redirect-sm

type redirect

keepalive type none

ip address 1.1.1.1

no prepend-http

domain https://www.bsm.com

active


service redirect-sm-portal

type redirect

keepalive type none

ip address 1.1.1.1

no prepend-http

redirect-string "https://www.sm.com/portal"

active


Gilles Dufour Mon, 06/04/2007 - 09:58
User Badges:
  • Cisco Employee,

the domain command will only change the hostname and leave the url unchanged.

The redirect-string will change both the hostname and the url.


Gilles.

Actions

This Discussion