Cisco ACE - HTTP to HTTPS redirection of URL

parvees123
Level 1

Hi all,

My customer got a strange requirement.

Whenever he accesses the website on port http://, it should redirect to https:// automatically without the end user getting intimated. He doesn't want this to happen in the application-level coding; rather, he wants the ACE and FW to handle this.

I tried to redirect the port from 80 to 443 on the FWSM firewall and send the traffic to the VIP of the ACE on port 443; the ACE is not issuing a certificate in this case. But when I directly accessed the site with https://, the ACE is issuing a certificate.

I know that if I am doing port redirection it is still an HTTP session only, but I heard that we can do some sort of URL redirection at the ACE level. How can I achieve this? I appreciate all your ideas.

With regards,

Parvees

7 Replies

You need to set up a redirect rserver and redirect serverfarm, to redirect traffic going to port 80 on an IP address to another URL which is HTTPS (port 443). See here for an example:

http://www.cisco.com/en/US/partner/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/slb/guide/rsfarms.html#wp1046009

rserver redirect SERVER1
  webhost-redirection https://192.168.120.132/redirect-100k.html 301
  inservice
serverfarm redirect SFARM1
  rserver SERVER1
    inservice

You would set up another VIP and serverfarm for 192.168.120.132 tcp eq 443...

I had this configured the same, but ran into users getting IE errors switching between secure and non-secure. I found a doc that recommended using the URL rewrite method instead to avoid the IE error, but can't come up with a wildcard that works for rewriting any URL received as http to https.

If your server has hardcoded some links, you will again switch to http and see the message secure/unsecure.

Same if the server has configured a redirect.

The redirect will again send the user to http.

The ssl header rewrite can only be done for the 2nd case where the server sends a redirect.

We can modify the redirect to point to https instead of http.

But for the first case, hardcoded links, there is nothing we can do.

Gilles.
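The two cases described in the reply above can be told apart once the server's responses have been decoded. The following is an added example, not part of the original thread or of any Cisco tooling: it classifies a raw HTTP response as a redirect back to http (the case an SSL Location rewrite can address) or as a page with hardcoded http links (the case it cannot). The host name `www.example.com`, the sample responses and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample responses, as they might look once decoded from a capture.
REDIRECT = (b"HTTP/1.1 302 Found\r\n"
            b"Location: http://www.example.com/login\r\n"
            b"Content-Length: 0\r\n\r\n")
PAGE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
        b'<a href="/account">relative</a>'
        b'<img src="http://www.example.com/img/logo.png">'
        b'<a href="https://www.example.com/help">secure</a>')

# Attributes that carry URLs the browser will fetch or navigate to.
LINK_RE = re.compile(r"""(?:href|src|action)\s*=\s*["']([^"']+)["']""", re.I)

def is_plain_http(url, site_host):
    """True when the URL points at the protected site over cleartext http."""
    parts = urlsplit(url)
    return parts.scheme == "http" and parts.hostname == site_host

def classify(raw, site_host):
    """Report the two ways a server can push a client back to http."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    findings = {"redirect_to_http": None, "hardcoded_http_links": []}
    # Case 2 in the reply: a server redirect, visible in the Location header.
    location = headers.get("location", "")
    if 300 <= status < 400 and is_plain_http(location, site_host):
        findings["redirect_to_http"] = location
    # Case 1 in the reply: absolute http links embedded in the page body.
    for match in LINK_RE.finditer(body.decode("iso-8859-1")):
        if is_plain_http(match.group(1), site_host):
            findings["hardcoded_http_links"].append(match.group(1))
    return findings

if __name__ == "__main__":
    for name, raw in (("redirect", REDIRECT), ("page", PAGE)):
        print(name, classify(raw, "www.example.com"))
```

Relative links and links that already use https are ignored, since neither sends the browser back to the cleartext site.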

Does that mean there may be some hardcoded links on the servers that use http instead of https?

You should sniff the traffic and decode it using the server private key with Wireshark to see what the server is doing.

If this is a redirect, we should be able to rewrite it.

Gilles.

Thanks for the advice. I will do that and let you know the outcome. If it will require a rewrite, is there a way to use a wildcard to rewrite any http URLs to https?

Yes, you can use a wildcard.

switch/Admin(config)# action-list type modify http SSL-Rewrite
switch/Admin(config-actlist-modify)# ssl url rewrite location .*

Gilles.
