01-17-2008 07:17 AM
Hi,
We want to acheive the url redirection in such a way that, when user type https://192.168.10.171 it should get redirected to full url as https://192.168.10.171/uat/servlet/BrowserServlet
I tried searching the web, I could find some configurations for http to https redirection but that could not help me..
Below is the existing configuration of the CSS
=========================================
*********************** SSL PROXY LIST ***********************
ssl-proxy-list UAT
ssl-server 1
ssl-server 1 rsakey BMKEYFILE
ssl-server 1 vip address 192.168.10.171
ssl-server 1 cipher rsa-export1024-with-rc4-56-sha 192.168.10.171 80 weight 10
ssl-server 1 cipher rsa-with-3des-ede-cbc-sha 192.168.10.171 80 weight 9
ssl-server 1 cipher rsa-with-rc4-128-sha 192.168.10.171 80 weight 8
ssl-server 1 cipher rsa-with-rc4-128-md5 192.168.10.171 80 weight 7
ssl-server 1 rsacert BMORIGCERTFILE
active
!************************** SERVICE **************************
service SSLMOD
type ssl-accel
slot 4
keepalive type none
add ssl-proxy-list UAT
active
service UAT-1
ip address 192.168.10.6
port 80
protocol tcp
redundant-index 1
keepalive type tcp
keepalive port 9080
active
service UAT-2
port 80
protocol tcp
redundant-index 2
ip address 192.168.10.86
keepalive type tcp
keepalive port 9080
active
service UAT-3
ip address 192.168.10.8
port 80
protocol tcp
redundant-index 3
keepalive port 9080
keepalive type tcp
active
!*************************** OWNER ***************************
owner BMAPP-CBS
content CBS-UAT
vip address 192.168.10.171
add service UAT-1
add service UAT-2
add service UAT-3
protocol tcp
port 80
url "/*"
redundant-index 101
advanced-balance sticky-srcip
active
content SSL-CBS-UAT
application ssl
protocol tcp
port 443
vip address 192.168.10.171
add service SSLMOD
active
!*************************** GROUP ***************************
group SourceNAT
vip address 192.168.10.171
add destination service UAT-1
add destination service UAT-2
add destination service UAT-3
redundant-index 201
active
=========================================
Can someone give some inputs to acheive this...
Regards
Solved! Go to Solution.
01-17-2008 07:31 AM
Hi,
You are already doing SSL termination for VIP 192.168.10.171.
There is no way to redirect https traffic since it is encrypted but you can can configure the redirect for a clear text rule that is going to be matched once the traffic is decrypted.
For instance, you can configure the content rule with url "/*" to send a redirect to
https://192.168.10.171/uat/servlet/BrowserServlet
and remove the services from there
Then you create another rule more specific with the services added matching traffic going to URL /uat/servlet/BrowserServlet
Something like this:
content CBS-UAT
vip address 192.168.10.171
add service UAT-1
add service UAT-2
add service UAT-3
protocol tcp
port 80
url "/uat/servlet/BrowserServlet"
redundant-index 102
advanced-balance sticky-srcip
active
content CBS-UAT-redirect
vip address 192.168.10.171
protocol tcp
port 80
url "/*"
redundant-index 101
redirect "https://192.168.10.171/uat/servlet/BrowserServlet"
active
The traffic going to https://192.168.10.171 will be decrypted, then redirected to https://192.168.10.171/uat/servlet/BrowserServlet, decrypted again and finally balanced.
Hope it helps!!
01-17-2008 07:31 AM
Hi,
You are already doing SSL termination for VIP 192.168.10.171.
There is no way to redirect https traffic since it is encrypted but you can can configure the redirect for a clear text rule that is going to be matched once the traffic is decrypted.
For instance, you can configure the content rule with url "/*" to send a redirect to
https://192.168.10.171/uat/servlet/BrowserServlet
and remove the services from there
Then you create another rule more specific with the services added matching traffic going to URL /uat/servlet/BrowserServlet
Something like this:
content CBS-UAT
vip address 192.168.10.171
add service UAT-1
add service UAT-2
add service UAT-3
protocol tcp
port 80
url "/uat/servlet/BrowserServlet"
redundant-index 102
advanced-balance sticky-srcip
active
content CBS-UAT-redirect
vip address 192.168.10.171
protocol tcp
port 80
url "/*"
redundant-index 101
redirect "https://192.168.10.171/uat/servlet/BrowserServlet"
active
The traffic going to https://192.168.10.171 will be decrypted, then redirected to https://192.168.10.171/uat/servlet/BrowserServlet, decrypted again and finally balanced.
Hope it helps!!
01-18-2008 05:56 AM
Hi,
Excellent, thanks a lot.
It worked.
Regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide