ACE "ssl url rewrite" not working

Giovanni Perteghella · ‎12-18-2009

Given this sample configuration and the info from https://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/command/reference/actnlist.html#wp1041777 and https://supportforums.cisco.com/message/466726#466726 when I request http://test.webserver.com the request is not rewritten.

I have A2 1.6a system image file.

action-list type modify http HTTP2HTTPS-REWRITE
ssl url rewrite location "test\.webserver\.com"

class-map match-any L4-SFARM-HB-IN-CHIARO
description VIP 10.7.2.242 service WEB SSL termination on ACE
2 match virtual-address 10.7.2.242 tcp eq https

policy-map type loadbalance first-match L7-SFARM-HB-IN-CHIARO
description Policy to balance request to SFARM-HB
class class-default
sticky-serverfarm STICKY-SFARM-HB-IN-CHIARO
action HTTP2HTTPS-REWRITE

policy-map multi-match L4_VIP3_POLICY
description Multi-Match VIPs on Vlan 13 to ServerFarms
class L4-SFARM-HB-IN-CHIARO
   loadbalance vip inservice
   loadbalance policy L7-SFARM-HB-IN-CHIARO
   loadbalance vip icmp-reply active
   ssl-proxy server SSL_PROXY_SERVER

Thanks in advance

rvavale · ‎12-20-2009

Hi Giovanni,

With current config, if the Server sends a 302 Redirect Location header as "http://test.webserver.com" then
ACE will rewrite this request and forward it to Client as HTTPS "https://test.webserver.com".

Is this what you want to achieve with this config and its not working?

Please explain expected behaviour when giving request.

Thanks,

Rahul

Gilles Dufour · ‎12-21-2009

Get a sniffer trace to verify if there is really a redirect and what the location field looks like.

You can also try to set the url to ".*" so that we know it is not an issue with the url.

Gilles.