Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
836
Views
4
Helpful
2
Replies

URL redirection on https with CSS

Go to solution
rv_viji
Level 1
Level 1

‎01-17-2008 07:17 AM

Hi,

We want to acheive the url redirection in such a way that, when user type https://192.168.10.171 it should get redirected to full url as https://192.168.10.171/uat/servlet/BrowserServlet

I tried searching the web, I could find some configurations for http to https redirection but that could not help me..

Below is the existing configuration of the CSS

=========================================

*********************** SSL PROXY LIST ***********************

ssl-proxy-list UAT

ssl-server 1

ssl-server 1 rsakey BMKEYFILE

ssl-server 1 vip address 192.168.10.171

ssl-server 1 cipher rsa-export1024-with-rc4-56-sha 192.168.10.171 80 weight 10

ssl-server 1 cipher rsa-with-3des-ede-cbc-sha 192.168.10.171 80 weight 9

ssl-server 1 cipher rsa-with-rc4-128-sha 192.168.10.171 80 weight 8

ssl-server 1 cipher rsa-with-rc4-128-md5 192.168.10.171 80 weight 7

ssl-server 1 rsacert BMORIGCERTFILE

active

!************************** SERVICE **************************

service SSLMOD

type ssl-accel

slot 4

keepalive type none

add ssl-proxy-list UAT

active

service UAT-1

ip address 192.168.10.6

port 80

protocol tcp

redundant-index 1

keepalive type tcp

keepalive port 9080

active

service UAT-2

port 80

protocol tcp

redundant-index 2

ip address 192.168.10.86

keepalive type tcp

keepalive port 9080

active

service UAT-3

ip address 192.168.10.8

port 80

protocol tcp

redundant-index 3

keepalive port 9080

keepalive type tcp

active

!*************************** OWNER ***************************

owner BMAPP-CBS

content CBS-UAT

vip address 192.168.10.171

add service UAT-1

add service UAT-2

add service UAT-3

protocol tcp

port 80

url "/*"

redundant-index 101

advanced-balance sticky-srcip

active

content SSL-CBS-UAT

application ssl

protocol tcp

port 443

vip address 192.168.10.171

add service SSLMOD

active

!*************************** GROUP ***************************

group SourceNAT

vip address 192.168.10.171

add destination service UAT-1

add destination service UAT-2

add destination service UAT-3

redundant-index 201

active

=========================================

Can someone give some inputs to acheive this...

Regards

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Diego Vargas
Cisco Employee
Cisco Employee

‎01-17-2008 07:31 AM

Hi,

You are already doing SSL termination for VIP 192.168.10.171.

There is no way to redirect https traffic since it is encrypted but you can can configure the redirect for a clear text rule that is going to be matched once the traffic is decrypted.

For instance, you can configure the content rule with url "/*" to send a redirect to

https://192.168.10.171/uat/servlet/BrowserServlet

and remove the services from there

Then you create another rule more specific with the services added matching traffic going to URL /uat/servlet/BrowserServlet

Something like this:

content CBS-UAT

vip address 192.168.10.171

add service UAT-1

add service UAT-2

add service UAT-3

protocol tcp

port 80

url "/uat/servlet/BrowserServlet"

redundant-index 102

advanced-balance sticky-srcip

active

content CBS-UAT-redirect

vip address 192.168.10.171

protocol tcp

port 80

url "/*"

redundant-index 101

redirect "https://192.168.10.171/uat/servlet/BrowserServlet"

active

The traffic going to https://192.168.10.171 will be decrypted, then redirected to https://192.168.10.171/uat/servlet/BrowserServlet, decrypted again and finally balanced.

Hope it helps!!

View solution in original post

2 Replies 2

Go to solution
Diego Vargas
Cisco Employee
Cisco Employee

‎01-17-2008 07:31 AM

Hi,

You are already doing SSL termination for VIP 192.168.10.171.

There is no way to redirect https traffic since it is encrypted but you can can configure the redirect for a clear text rule that is going to be matched once the traffic is decrypted.

For instance, you can configure the content rule with url "/*" to send a redirect to

https://192.168.10.171/uat/servlet/BrowserServlet

and remove the services from there

Then you create another rule more specific with the services added matching traffic going to URL /uat/servlet/BrowserServlet

Something like this:

content CBS-UAT

vip address 192.168.10.171

add service UAT-1

add service UAT-2

add service UAT-3

protocol tcp

port 80

url "/uat/servlet/BrowserServlet"

redundant-index 102

advanced-balance sticky-srcip

active

content CBS-UAT-redirect

vip address 192.168.10.171

protocol tcp

port 80

url "/*"

redundant-index 101

redirect "https://192.168.10.171/uat/servlet/BrowserServlet"

active

The traffic going to https://192.168.10.171 will be decrypted, then redirected to https://192.168.10.171/uat/servlet/BrowserServlet, decrypted again and finally balanced.

Hope it helps!!

Go to solution
rv_viji
Level 1
Level 1
In response to Diego Vargas

‎01-18-2008 05:56 AM

Hi,

Excellent, thanks a lot.

It worked.

Regards

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents