ssl redirect/rewrite

Unanswered Question
Dec 15th, 2009

I currently have a site www.xyz.com.  I need everything redirected to https://www.xyz.com and the ACE is doing the SSL termination.

Easy enough for all my port 80 traffic.  I just match it and redirect with a 301 to https://www.xyz.com, but what about when someone types https://xyz.com.  I need that to either redirect or rewrite it to https://www.xyz.com.  I have tried action-list as well as L7 class maps with no luck.

rserver redirect xyz.com
  webhost-redirection https://www.xyz.com
  inservice
 
serverfarm redirect redirect-xyz.com
  rserver xyz.com
    inservice
   
  class-map match-any http.xyz.com
  2 match virtual-address 1.1.1.1 tcp eq www
 
  class-map match-any https.xyz.com
  2 match virtual-address 1.1.1.1 tcp eq https
 
  policy-map type loadbalance first-match http.xyz.com-L7
  class class-default
    serverfarm redirect-xyz.com
 
  policy-map type loadbalance first-match https.xyz.com-L7
  class class-default
    serverfarm xyz
   
policy-map multi-match int150
  class https.xyz.com
    loadbalance vip inservice
    loadbalance policy https.xyz.com-L7
    loadbalance vip icmp-reply active
    ssl-proxy server www.xyz.com

  class http.xyz.com
    loadbalance vip inservice
    loadbalance policy http.xyz.com-L7
    loadbalance vip icmp-reply active

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Gilles Dufour Tue, 12/15/2009 - 09:00

That's an issue that needs to be addressed on the dns server.

Because the browser will try to get the ip address associated with xyz.com ....

Most DNS server returns the same ip address for xyz.com and www.xyz.com.

If that's not the case, you need to make that change.

After that, for the ACE, all we see is an https request coming to virtual ip x.x.x.x.

We don't care if the user typed xyz.com or www.xyz.com.

Gilles

Actions

This Discussion