12-15-2009 08:03 AM
I currently have a site www.xyz.com. I need everything redirected to https://www.xyz.com and the ACE is doing the SSL termination.
Easy enough for all my port 80 traffic. I just match it and redirect with a 301 to https://www.xyz.com, but what about when someone types https://xyz.com. I need that to either redirect or rewrite it to https://www.xyz.com. I have tried action-list as well as L7 class maps with no luck.
rserver redirect xyz.com
webhost-redirection https://www.xyz.com
inservice
serverfarm redirect redirect-xyz.com
rserver xyz.com
inservice
class-map match-any http.xyz.com
2 match virtual-address 1.1.1.1 tcp eq www
class-map match-any https.xyz.com
2 match virtual-address 1.1.1.1 tcp eq https
policy-map type loadbalance first-match http.xyz.com-L7
class class-default
serverfarm redirect-xyz.com
policy-map type loadbalance first-match https.xyz.com-L7
class class-default
serverfarm xyz
policy-map multi-match int150
class https.xyz.com
loadbalance vip inservice
loadbalance policy https.xyz.com-L7
loadbalance vip icmp-reply active
ssl-proxy server www.xyz.com
class http.xyz.com
loadbalance vip inservice
loadbalance policy http.xyz.com-L7
loadbalance vip icmp-reply active
12-15-2009 09:00 AM
That's an issue that needs to be addressed on the dns server.
Because the browser will try to get the ip address associated with xyz.com ....
Most DNS server returns the same ip address for xyz.com and www.xyz.com.
If that's not the case, you need to make that change.
After that, for the ACE, all we see is an https request coming to virtual ip x.x.x.x.
We don't care if the user typed xyz.com or www.xyz.com.
Gilles
12-15-2009 09:12 AM
DNS is the same for xyz.com and www.xyz.com. My problem is that the certificate is only for www.xyz.com, so if the user types https://xyz.com they will get a certificate error and have to accept it. I need that to rewrite to https://www.xyz.com
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: