HTTPS to HTTPS redirect

Unanswered Question
Sep 24th, 2007
User Badges:

If we are doing SSL offloading for a particular VIP with a URL value of "/*" is it possible to create a content rule to redirect for the same VIP but a different URL value, i.e. "/test"? I've tried various redirect scenarios: redirect in the content rule and using a service with a redirect-string. It seems that every HTTPS request for the VIP will only match the content rule with URL "/*".


I'm trying to get the below to work.


content test-rule

vip address x.x.x.x

protocol tcp

port 443

application ssl

add service ssl_service

url "/*"

active


content test-rule-redirect

vip address x.x.x.x

protocol tcp

port 443

application ssl

redirect "https://test.domain.com/test/"

url "/test"

active


content test-rule-redirect2

vip address x.x.x.x

protocol tcp

port 443

application ssl

redirect "https://test.domain.com/test/"

url "/"

active


Note: The two redirect rules purposely don't have wildcards in the url lines.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
diro Mon, 09/24/2007 - 21:58
User Badges:
  • Bronze, 100 points or more

This will never work with this setup, reason:

You are supplying a url to an ssl content rule the content is at that time still encrypted so the css can not read the url.

Solution:

Create an ssl content rule that gives traffic to an ssl server and in the ssl server refer back to an http conten rule where you then specify the redirect because at that time the ssl is unencrypted.


content test-rule

vip address x.x.x.x

protocol tcp

port 443

application ssl

add service ssl_service

active


content test-rule-redirect

vip address x.x.x.x

protocol tcp

port 80

redirect "https://test.domain.com/test/"

url "/test"

active


brian.cunningha... Tue, 09/25/2007 - 08:09
User Badges:

That makes sense. I forgot that the hostname/domain name portion of the URL is unencrypted while the rest of the URL is encrypted when using SSL.


Thanks for your help!

Actions

This Discussion