cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
967
Views
0
Helpful
4
Replies

CSS 11503 - Redirect from https to http

yahshianhui
Level 1
Level 1

Dear Pro:

I am try to 'redirect' incoming https request to a specific website, for example:

"Incoming->https://www.yahoo.com -->> http://www.yahoo.com", it does not work.

However, it does work for http redirect: "Incoming->http://www.yahoo.com -->> https://www.yahoo.com".

Any good comments? below is my config:

NOT working config:

content testlb_443

balance weightedrr

vip address 192.168.1.1

url "/*"

protocol tcp

port 443

redirect "http://www.yahoo.com"

active

Working config:

content testlb_80

balance weightedrr

url "/*"

vip address 192.168.1.2

protocol tcp

port 80

redirect "http://www.yahoo.com"

active

Thanks

SH

4 Replies 4

Jose Garcia
Level 1
Level 1

Hi,

It will be expected that the first configuration you mention will not work, let me explain you why:

The Rule testlb_443 is listening in the incoming port 443, which is a port that will carry secure encrypted traffic (SSL), this means that the L5-L7 (which includes the URL) will be encrypted, therefore the CSS cannot match any L5-L7 statement in that kind of request coming to port 443.

So you cannot use URL redirections on Rules that listen on port 443, unless you use a SSL-Module to decrypt the traffic first.

The request for the second Rule testlb_80, will work just fine since it is listening in a clear text port.

I hope this makes sense.

Thanks.

Josega.

Thanks, Josega

Do you know any workaround for this?

Regards

SH

The redirect can only be issued once https is decrypted.

Either offload SSL on SSL module and issue redirect, or offload SSL on server and then issue redirect.

Thanks, Zahkhan

It looks like I am out of luck.

Cheers

SH

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: