
ACE - HTTPS redirection

Hi,

How do I configure the ACE to redirect an HTTPS request to a different URL?

For example, clients requesting https://www.mycompany.com shall be redirected to https://www1.mycompany.com.

Please let me know. Thanks in advance.


Gilles Dufour
Cisco Employee

First you will need the certificate and key associated with mycompany.com in order to decrypt the request.

Then you can configure a redirect rserver in order to send the redirect.

You can't do this if you do not have the key and cert as this is exactly the purpose of SSL.

Gilles.

Hi Gilles,

I have the certificate and the key.

Please check the config and confirm whether this looks fine or not.

I am using GSS to resolve www.mycompany.com and www1.mycompany.com.

probe http Server1
  interval 15
  passdetect interval 60
  request method head url /keepAlive.html
  expect status 200 202
  open 10

parameter-map type ssl PARAMMAP_SSL_TERMINATION
  cipher RSA_WITH_3DES_EDE_CBC_SHA
  cipher RSA_WITH_AES_128_CBC_SHA priority 2
  cipher RSA_WITH_AES_256_CBC_SHA priority 3

rserver redirect HTTPS-REDIRECT
  conn-limit max 4000000 min 4000000
  webhost-redirection https://www1.mycompany.com.au 301
  inservice

serverfarm host SFARM_HTTPS
  rserver Server1_http 80
    inservice

serverfarm redirect https-redirect
  rserver HTTPS-REDIRECT
    inservice

ssl-proxy service SSL_PSERVICE
  key MYKEY.PEM
  cert ACE-SP2.CER
  ssl advanced-options PARAMMAP_SSL_TERMINATION

class-map type http loadbalance match-any HTTPS1
  2 match http header Host header-value "www[.]mycompany[.]com"

class-map type http loadbalance match-any HTTPS2
  2 match http header Host header-value "www1[.]mycompany[.]com"

policy-map type loadbalance first-match HTTPS
  class HTTPS1
    serverfarm https-redirect
  class HTTPS2
    serverfarm SFARM_HTTPS
  class class-default
    serverfarm SFARM_HTTPS

policy-map multi-match HTTPS-PM
  class HTTPS-RED
    loadbalance vip inservice
    loadbalance policy HTTPS
    loadbalance vip icmp-reply active
    ssl-proxy server SSL_PSERVICE

Also let me know if there is any other way to configure the redirection other than matching the Host header.

Thanks in advance

It looks good and should work.

Just one recommendation for your configured probe:

"Probe interval" should always be less than the (open + receive) timeout value. Default open and receive timeouts are 10 seconds.

Thanks

Syed Iftekhar Ahmed
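
Added example, not part of the thread and not Cisco tooling: an offline Python check that every class and serverfarm referenced inside a policy-map has a matching definition, which is easy to get wrong in a configuration like the one posted above. The sample configuration and all names in it are constructed, and the script assumes the indentation the ACE prints in its running configuration (top-level commands start in column 0).

```python
BUILTIN_CLASSES = {"class-default"}  # always available, never declared

def lint_ace_references(config: str) -> list[str]:
    """Report policy-map references that no class-map/serverfarm defines."""
    class_maps, serverfarms, refs = set(), set(), []
    policy = None  # name of the policy-map currently being read, if any
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw[0].isspace():  # column 0: a new top-level block begins
            policy = words[-1] if words[0] == "policy-map" else None
            if words[0] == "class-map":
                class_maps.add(words[-1])
            elif words[0] == "serverfarm":
                serverfarms.add(words[-1])
        elif policy and len(words) > 1 and words[0] in ("class", "serverfarm"):
            kind = "class-map" if words[0] == "class" else "serverfarm"
            refs.append((kind, words[1], policy))
    findings = []
    for kind, name, pol in refs:  # checked last, so definition order is free
        known = class_maps | BUILTIN_CLASSES if kind == "class-map" else serverfarms
        if name not in known:
            findings.append(f"policy-map {pol}: {kind} {name} is not defined")
    return findings

# Constructed sample: NEW_HOSTS is a misspelling of NEW_HOST, and the
# layer 3/4 class VIP_443 referenced by VIP_POLICY is never declared.
SAMPLE = """\
serverfarm host SF_WEB
  rserver WEB1 80
serverfarm redirect SF_REDIRECT
  rserver REDIR1
class-map type http loadbalance match-any OLD_HOST
  2 match http header Host header-value "www[.]example[.]com"
class-map type http loadbalance match-any NEW_HOST
  2 match http header Host header-value "www1[.]example[.]com"
policy-map type loadbalance first-match LB_POLICY
  class OLD_HOST
    serverfarm SF_REDIRECT
  class NEW_HOSTS
    serverfarm SF_WEB
  class class-default
    serverfarm SF_WEB
policy-map multi-match VIP_POLICY
  class VIP_443
    loadbalance policy LB_POLICY
"""

if __name__ == "__main__":
    print("\n".join(lint_ace_references(SAMPLE)) or "no dangling references")
```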
