Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACE https redirection to subdirectory

Hello Experts,

I have a request as below.

Traffic hits ACE on VIP which is a https traffic with SSL offloading and then traffic should be redirected to subdirectory which is mentioned below. I can redirect the traffic and make a try but it's not working with SSL rewrite and with action list. Can https traffic be redirected to subdirectory? My SSL offloading is working well but when i type the URL it give me HTTP respnose code as 403 forbidden, it looks that a proper action list is needed to redirect to subdirectory. Please suggest.

eg: https://abc-tx.mn.abc.net to 

https://abc-tx.mn.abc.net/path

5 REPLIES
Cisco Employee

ACE https redirection to subdirectory

Hi Abhik,

You want ACE to redirect the traffic coming in on VIP or you want that ACE shall rewrite the server response and rewrite the redirect responses which might be in HTTP?

The HTTPS to HTTPS redirection is exactly like HTTP plus SSL offloading that you need to configure and it should work fine. Can you share your configuration and explain what exactly is the requirment. You are saying you can redirect the traffic but it is not working with SSL rewrite and with action list. I am not sure what exactly is the configuration and what is expected.

Regards,

Kanwal

New Member

ACE https redirection to subdirectory

Hi Kanwal,

I have erased the ssl rewrite as was focussing on http header rewrite function with action list.

My requirement is that traffic would come to ACE as https://abc-tx.mn.abc.net and it should redirect traffic to https://abc-tx.mn.abc.net/int. On IIS they are not redirecting the traffic to /int subdirectory. So we need to make this happen on ACE.Can you please let me know from scratch how i can achieve it. FYI backend rservers are only listening on port 443 and not 80.

Thanks in advance kanwal.

regards

Abhik

Cisco Employee

ACE https redirection to subdirectory

Hi Abhik,

There is a problem. The problem is  that you are redirecting from HTTPS to HTTPS and HOSTNAME is same. When the user will come again with /int it will still come on same VIP and will get redirected again. This will be a problem. If it was HTTP to HTTPS redirection then scenario would have been different and it would have matched a different class-map condition. Is it a possibility to redirect from http to https or it has to be https to https. We can  create class-map based on http url and try.

Regards,

Kanwal

New Member

ACE https redirection to subdirectory

Hi Kanwal,

I am aware of http to https redirection to subdirectory and i am sure it will work. But for this specific requirement i am not able to achieve it. We need to achieve only with https to https redirection to subdirectory /int. .

And yes i agree with you that we can create a class map with http type . Do you have any idea how to bind the actual VIP and the class with http url and call it on multi-match. if you can help me with example config with the request it would be great.

thanks again!!

Cisco Employee

ACE https redirection to subdirectory

Hi Abhik,

Some thing like this:


class-map match-all LB
  2 match virtual-address 10.10.10.10 tcp eq https

class-map type http loadbalance match-all URL

  2 match http url abc.com

class-map type http loadbalance match-all URL1

  2 match http url abc.com/test

policy-map type loadbalance first-match LB

  class URL

    serverfarm Redirect

  class URL1

    serverfarm Webfarm

policy-map multi-match LB1

  class LB

    loadbalance vip inservice

    loadbalance policy LB

NOTE: This is just an example. When you try this in your set up please ensure that you apply SSL-PROXY configuration for HTTPS redirection and normal LB. If your servers also listen on 443 you will also need end to end ssl.

Regards,

Kanwal

408
Views
0
Helpful
5
Replies