08-30-2007 01:00 AM
Dear Pro:
I am try to 'redirect' incoming https request to a specific website, for example:
"Incoming->https://www.yahoo.com -->> http://www.yahoo.com", it does not work.
However, it does work for http redirect: "Incoming->http://www.yahoo.com -->> https://www.yahoo.com".
Any good comments? below is my config:
NOT working config:
content testlb_443
balance weightedrr
vip address 192.168.1.1
url "/*"
protocol tcp
port 443
redirect "http://www.yahoo.com"
active
Working config:
content testlb_80
balance weightedrr
url "/*"
vip address 192.168.1.2
protocol tcp
port 80
redirect "http://www.yahoo.com"
active
Thanks
SH
08-30-2007 04:28 AM
Hi,
It will be expected that the first configuration you mention will not work, let me explain you why:
The Rule testlb_443 is listening in the incoming port 443, which is a port that will carry secure encrypted traffic (SSL), this means that the L5-L7 (which includes the URL) will be encrypted, therefore the CSS cannot match any L5-L7 statement in that kind of request coming to port 443.
So you cannot use URL redirections on Rules that listen on port 443, unless you use a SSL-Module to decrypt the traffic first.
The request for the second Rule testlb_80, will work just fine since it is listening in a clear text port.
I hope this makes sense.
Thanks.
Josega.
08-30-2007 05:52 PM
Thanks, Josega
Do you know any workaround for this?
Regards
SH
08-30-2007 06:15 PM
The redirect can only be issued once https is decrypted.
Either offload SSL on SSL module and issue redirect, or offload SSL on server and then issue redirect.
08-30-2007 08:32 PM
Thanks, Zahkhan
It looks like I am out of luck.
Cheers
SH
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: