ssl redirect/rewrite

jhayhurst · ‎12-15-2009

I currently have a site www.xyz.com. I need everything redirected to https://www.xyz.com and the ACE is doing the SSL termination.

Easy enough for all my port 80 traffic. I just match it and redirect with a 301 to https://www.xyz.com, but what about when someone types https://xyz.com. I need that to either redirect or rewrite it to https://www.xyz.com. I have tried action-list as well as L7 class maps with no luck.

rserver redirect xyz.com
webhost-redirection https://www.xyz.com
inservice

serverfarm redirect redirect-xyz.com
rserver xyz.com
    inservice

class-map match-any http.xyz.com
2 match virtual-address 1.1.1.1 tcp eq www

class-map match-any https.xyz.com
2 match virtual-address 1.1.1.1 tcp eq https

policy-map type loadbalance first-match http.xyz.com-L7
class class-default
    serverfarm redirect-xyz.com

policy-map type loadbalance first-match https.xyz.com-L7
class class-default
    serverfarm xyz

policy-map multi-match int150
class https.xyz.com
    loadbalance vip inservice
    loadbalance policy https.xyz.com-L7
    loadbalance vip icmp-reply active
    ssl-proxy server www.xyz.com

class http.xyz.com
    loadbalance vip inservice
    loadbalance policy http.xyz.com-L7
    loadbalance vip icmp-reply active

Gilles Dufour · ‎12-15-2009

That's an issue that needs to be addressed on the dns server.

Because the browser will try to get the ip address associated with xyz.com ....

Most DNS server returns the same ip address for xyz.com and www.xyz.com.

If that's not the case, you need to make that change.

After that, for the ACE, all we see is an https request coming to virtual ip x.x.x.x.

We don't care if the user typed xyz.com or www.xyz.com.

Gilles

jhayhurst · ‎12-15-2009

DNS is the same for xyz.com and www.xyz.com. My problem is that the certificate is only for www.xyz.com, so if the user types https://xyz.com they will get a certificate error and have to accept it. I need that to rewrite to https://www.xyz.com