Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2033
Views
0
Helpful
2
Replies

ACE "ssl url rewrite" not working

Giovanni Perteghella
Level 1
Level 1

‎12-18-2009 07:17 AM

Given this sample configuration and the info from https://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/command/reference/actnlist.html#wp1041777 and https://supportforums.cisco.com/message/466726#466726 when I request http://test.webserver.com the request is not rewritten.

I have A2 1.6a system image file.

action-list type modify http HTTP2HTTPS-REWRITE
ssl url rewrite location "test\.webserver\.com"

class-map match-any L4-SFARM-HB-IN-CHIARO
description VIP 10.7.2.242 service WEB  SSL termination on ACE
2 match virtual-address 10.7.2.242 tcp eq https

policy-map type loadbalance first-match L7-SFARM-HB-IN-CHIARO
description Policy to balance request to SFARM-HB
class class-default
   sticky-serverfarm STICKY-SFARM-HB-IN-CHIARO
   action HTTP2HTTPS-REWRITE

policy-map multi-match L4_VIP3_POLICY
description Multi-Match VIPs on Vlan 13 to ServerFarms
class L4-SFARM-HB-IN-CHIARO
   loadbalance vip inservice
   loadbalance policy L7-SFARM-HB-IN-CHIARO
   loadbalance vip icmp-reply active
   ssl-proxy server SSL_PROXY_SERVER

Thanks in advance

Labels:
0 Helpful
2 Replies 2

rvavale
Cisco Employee
Cisco Employee

‎12-20-2009 07:29 PM

Hi Giovanni,

With current config, if the Server sends a 302 Redirect Location header as "http://test.webserver.com" then
ACE will rewrite this request and forward it to Client as HTTPS "https://test.webserver.com".


Is this what you want to achieve with this config and its not working?

Please explain expected behaviour when giving request.

Thanks,

Rahul

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee

‎12-21-2009 11:27 AM

Get a sniffer trace to verify if there is really a redirect and what the location field looks like.

You can also try to set the url to ".*" so that we know it is not an issue with the url.

Gilles.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents