09-06-2007 07:14 PM
I want to redirect 2 specific URLs for multiple VIPs to HTTPS.
After reviewing the documentation and some forum posts here, I have the following configuration:
rserver redirect REDIRECT-HTTPS
webhost-redirection https://%h/%p 302
inservice
serverfarm redirect REDIRECT-SERVERS
rserver REDIRECT-HTTPS
inservice
class-map match-all CLASS-MAP-http
2 match virtual-address 10.10.10.10 eq http
class-map match-all CLASS-MAP-REDIRECT-https
2 match virtual-address 10.10.10.10 eq http
class-map type http loadbalance match-any HTTPS-REDIRECT
2 match http url /urla/*
3 match http url /urlb/*
policy-map type loadbalance first-match POLICYMAP-REDIRECT
class HTTPS-REDIRECT
serverfarm REDIRECT-SERVERS
policy-map multi-match POLICYMAP-L3L4
class CLASS-MAP-REDIRECT-https
loadbalance vip inservice
loadbalance policy POLICYMAP-REDIRECT
loadbalance vip icmp-reply
class CLASS-MAP-http
loadbalance vip inservice
loadbalance policy XYZ
What I want this to do is match URLs going to VIP 10.10.10.10 port 80 looking for http://<anything>/url-a/ and http://<anything>/url-b/
If these URLS are found, redirect them to the same URL only with https: in the front.
I want port 80 traffic that doesn't match these URLS to be load balanced as normal.
I believe the above configuration will do just that but I don't have any servers to test it on yet.
Does anyone see any issues?
09-07-2007 04:44 AM
What I usually do is
policy-map type loadbalance first-match POLICYMAP-REDIRECT
class HTTPS-REDIRECT
serverfarm REDIRECT-SERVERS
class class-default
serverfarm MyServers
So, you avoid the 2 class-map inside the policy multimatch.
But I believe your solution should work as well.
Gilles.
09-07-2007 04:57 AM
Giles -
Thanks. I have 10 different VIPs that I need to loadbalance and redirect for. From reading all the documentation and posts here, it seems that the configuration for this will be fairly long.. i.e 10 different VIPs for load-balance, 10 different VIPS for redirect.
I was hoping I could do a single class match with a match-any on the VIP address for the redirect, this doesn't seem possible, though..
Is there another solution I am missing..I'm trying to get as streamlined a config as possible.
Calvin
09-10-2007 02:26 AM
you can create a class-map like
match vip 0.0.0.0 0.0.0.0 tcp eq 80
See if it works.
Gilles.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: