11-10-2008 04:45 PM
Hi,
How to configure the ACE to redirect a https request to different url.
For example
Clients requesting https://www.mycompany.com shall be redirected to https://www1.mycompany.com.
Please let me know.Thanks in Advance
11-11-2008 04:07 AM
First you will need to certificate and key associated with mycompany.com in order to decrypt the request.
Then you can configure a redirect rserver in order to send the redirect.
You can't do this if you do not have the key and cert as this is exactly the purpose of SSL.
Gilles.
11-11-2008 01:59 PM
Hi Gilles,
I am having the certificate and the key.
Please check the config and confirm whether this looks fine or not.
I am using GSS to resolve www.mycompany.com and www1.mycompany.com
probe http Server1
interval 15
passdetect interval 60
request method head url /keepAlive.html
expect status 200 202
open 10
parameter-map type ssl PARAMMAP_SSL_TERMINATION
cipher RSA_WITH_3DES_EDE_CBC_SHA
cipher RSA_WITH_AES_128_CBC_SHA priority 2
cipher RSA_WITH_AES_256_CBC_SHA priority 3
rserver redirect HTTPS-REDIRECT
conn-limit max 4000000 min 4000000
webhost-redirection https://www1.mycompany.com.au 301
inservice
serverfarm host SFARM_HTTPS
rserver Server1_http 80
inservice
serverfarm redirect https-redirect
rserver HTTPS-REDIRECT
inservice
ssl-proxy service SSL_PSERVICE
key MYKEY.PEM
cert ACE-SP2.CER
ssl advanced-options PARAMMAP_SSL_TERMINATION
class-map type http loadbalance match-any HTTPS1
2 match http header Host header-value "www[.]mycompany[.]com"
class-map type http loadbalance match-any HTTPS2
2 match http header Host header-value "www1[.]mycompany[.]com"
policy-map type loadbalance first-match HTTPS
class HTTPS1
serverfarm https-redirect
class HTTP2
serverfarm SFARM_HTTPS
class class-default
serverfarm SFARM_HTTPS
policy-map multi-match HTTPS-PM
class HTTPS-RED
loadbalance vip inservice
loadbalance policy HTTPS
loadbalance vip icmp-reply active
ssl-proxy server SSL_PSERVICE
Also let me know know if there is any another way to configure the redirection other than matching host header.
Thanks in Advance
11-11-2008 07:55 PM
It looks good and should work.
Just one recommendation for your configured probe
"Probe interval" should always be less then (open+recieve) timeout value. Default open & receive timeouts are 10 seconds.
Thanks
Syed Iftekhar Ahmed
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: