ACE Module Redirect to HTTPS for 2 specific URLs

Unanswered Question

I want to redirect 2 specific URLs for multiple VIPs to HTTPS.


After reviewing the documentation and some forum posts here, I have the following configuration:


rserver redirect REDIRECT-HTTPS

webhost-redirection https://%h/%p 302

inservice


serverfarm redirect REDIRECT-SERVERS

rserver REDIRECT-HTTPS

inservice


class-map match-all CLASS-MAP-http

2 match virtual-address 10.10.10.10 eq http


class-map match-all CLASS-MAP-REDIRECT-https

2 match virtual-address 10.10.10.10 eq http


class-map type http loadbalance match-any HTTPS-REDIRECT

2 match http url /urla/*

3 match http url /urlb/*


policy-map type loadbalance first-match POLICYMAP-REDIRECT

class HTTPS-REDIRECT

serverfarm REDIRECT-SERVERS


policy-map multi-match POLICYMAP-L3L4

class CLASS-MAP-REDIRECT-https

loadbalance vip inservice

loadbalance policy POLICYMAP-REDIRECT

loadbalance vip icmp-reply

class CLASS-MAP-http

loadbalance vip inservice

loadbalance policy XYZ


What I want this to do is match URLs going to VIP 10.10.10.10 port 80 looking for http://<anything>/url-a/ and http://<anything>/url-b/


If these URLS are found, redirect them to the same URL only with https: in the front.


I want port 80 traffic that doesn't match these URLS to be load balanced as normal.


I believe the above configuration will do just that but I don't have any servers to test it on yet.


Does anyone see any issues?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Gilles Dufour Fri, 09/07/2007 - 04:44
User Badges:
  • Cisco Employee,

What I usually do is


policy-map type loadbalance first-match POLICYMAP-REDIRECT

class HTTPS-REDIRECT

serverfarm REDIRECT-SERVERS

class class-default

serverfarm MyServers


So, you avoid the 2 class-map inside the policy multimatch.


But I believe your solution should work as well.


Gilles.

Giles -


Thanks. I have 10 different VIPs that I need to loadbalance and redirect for. From reading all the documentation and posts here, it seems that the configuration for this will be fairly long.. i.e 10 different VIPs for load-balance, 10 different VIPS for redirect.


I was hoping I could do a single class match with a match-any on the VIP address for the redirect, this doesn't seem possible, though..


Is there another solution I am missing..I'm trying to get as streamlined a config as possible.


Calvin

Gilles Dufour Mon, 09/10/2007 - 02:26
User Badges:
  • Cisco Employee,

you can create a class-map like


match vip 0.0.0.0 0.0.0.0 tcp eq 80


See if it works.


Gilles.

Actions

This Discussion