02-05-2016 06:40 AM
Hi
I have a ACE 30 with a VIP listening on 443 the passing traffic out to the rservers also on 443 - no ssl offload.
Is it possible to have a redirect for clients coming in on http to redirect to https?
Any config examples would be handy.
thanks
02-08-2016 10:25 PM
Derek, maybe you can check this link: https://supportforums.cisco.com/document/12439761/cisco-ace-http-https-redirection-ssl-termination
Hope this helps!
Jorge
Don´t forget to rate the answer.
12-18-2017 06:13 AM
05-14-2018 03:41 AM
Hi,
you can try this configuration
rserver redirect rserver-redir_HTTPtoHTTPS
webhost-redirection https://%h/%p 301
inservice
serverfarm redirect sfarm-redirect_HTTPtoHTTPS
rserver rserver-redir_HTTPtoHTTPS
inservice
class-map match-any cmap-vip_HTTPtoHTTPS
2 match virtual-address 192.168.10.10 tcp eq www
policy-map type loadbalance first-match pmap-lb_HTTPtoHTTPS
class class-default
serverfarm sfarm-redirect_HTTPtoHTTPS
policy-map multi-match pmap_whatever
class cmap-vip_HTTPtoHTTPS
loadbalance vip inservice
loadbalance policy pmap-lb_HTTPtoHTTPS
12-10-2018 06:25 PM
I will give you for one rserver, one serverfarm, one class map. You please do that same for rest of them. Test one first and replicate to others.
rserver redirect QA-group_1_redirect_rserver
webhost-redirection
https://10.37.5.93/ 302
inservice
This is the redirect server.
rserver host QA-1.1
ip address 10.37.5.111
inservice
rserver host QA-1.2
ip address 10.37.5.88
inservice
Normal servers to which the traffic would be loadbalanced.
serverfarm redirect SF_QA-group_1_REDIRECT
rserver QA-group_1_redirect_rserver
inservice
This is redirect serverfarm
serverfarm host SF_QA-group_1_HTTPS
failaction reassign
predictor leastconns
rserver QA-1.1 443
inservice
rserver QA-1.2 443
inservice
Normal serverfarm with two rservers in it to which we will loadbalance the traffic.
class-map match-all QA-group_1_HTTP
3 match virtual-address 10.37.5.93 tcp eq www
The class-map is condition for redirection. If user comes on 10.37.5.93 on 80.
class-map match-all QA-group_1_HTTPS
3 match virtual-address 10.37.5.93 tcp eq https
Condition for user coming on port 443
policy-map type loadbalance first-match QA-group_1_REDIRECT
class class-default
serverfarm SF_QA-group_1_REDIRECT
This is a policy or action which ACE will take after the condition matches which is to redirect.
policy-map type loadbalance first-match QA_GROUP1_HTPPS
class class-default
serverfarm SF_QA-group_1_HTTPS
This is for HTTPS
policy-map multi-match SERVICE_VIPS
class QA-group_1_HTTP
loadbalance vip inservice
loadbalance policy QA-group_1_REDIRECT
loadbalance vip icmp-reply
class QA-group_1_HTTPS
loadbalance vip inservice
loadbalance policy QA_GROUP1_HTPPS
loadbalance vip icmp-reply
Same action is applied to the policy. If it matches class QA-group_1_HTTP, redirect it, since redirect policy is applied and if it matches class QA-group_1_HTTPS, loadbalance the traffic since LB policy is applied.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: