
ACE URL redirect

admin_2
Level 3

I'm having some problems setting up a URL redirect from an ACE module. I have a class map that is matching content by VIP and I'm load balancing requests but I would like to be able to look at the source request and if it matches a specific list of IP's redirect the request to a different URL, and all other requests load balance to the server farm.

Thanks,

Bill

3 Replies

Gilles Dufour
Cisco Employee

Bill,

You first need to classify the traffic.

Since you want different behavior depending on the source IP, you will need to use a class-map to match the IP that needs to be redirected.

ie:

class-map type http loadbalance match-all SRCIP1
  match access-list ....
!

Then create 2 serverfarms.

One for loadbalancing and one for the url redirect.

Then create a policy-map that, when matching your class-map above, will use the redirect serverfarm, and for the default class-map it uses the loadbalancing serverfarm.

I hope this is clear enough like this.

If not, let me know.

Gilles.

Gilles,

Thank you for your assistance. I have implemented the commands and can now redirect http traffic to another website based on source address. I'm still having problems redirecting SSL traffic. It appears that the ACE is sending back the redirect as clear text, instead of encrypting it and sending it back to the client. I have attached a copy of my config. Any suggestions would be greatly appreciated.

rserver redirect ENCORE-REDIRECT
  webhost-redirection http://wserror.xyz.com 302
  inservice
rserver host ORADS-RDR1
  ip address 10.9.40.51
  inservice
rserver host ORADS-RDR2
  ip address 10.9.40.52
  inservice
rserver host ORADS-RDR3
  ip address 10.9.40.53
  inservice

ssl-proxy service ENCORE_SSL_SERVER
  key ROCENCORE.PEM
  cert ROCENCORECERT.PEM
  chaingroup ENCORE

serverfarm host ENCORE
  failaction purge
  probe ENCORE
  rserver ORADS-RDR1 80
    inservice
  rserver ORADS-RDR2 80
    inservice
  rserver ORADS-RDR3 80
    inservice
serverfarm redirect ENCORE-REDIRECT
  rserver ENCORE-REDIRECT
    inservice

sticky ip-netmask 255.255.255.255 address both ENCORE-sticky
  timeout 130
  serverfarm ENCORE

class-map match-all CLASS_MAP_ENCORE-http
  2 match virtual-address 10.6.9.17 tcp eq www
class-map match-all CLASS_MAP_ENCORE-https
  2 match virtual-address 10.6.9.17 tcp eq https
class-map type http loadbalance match-any CLASS_MAP_PROXIES
  2 match source-address 10.6.171.10 255.255.255.255
  3 match source-address 10.6.164.10 255.255.255.255
  4 match source-address 10.6.185.10 255.255.255.255
  5 match source-address 10.6.178.10 255.255.255.255
  6 match source-address 10.6.132.2 255.255.255.255
class-map type management match-any REMOTE_ACCESS
  description Remote access traffic match
  4 match protocol icmp any

policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
  class REMOTE_ACCESS
    permit

policy-map type loadbalance first-match POLICYMAP_ENCORE_L7
  class CLASS_MAP_PROXIES
    serverfarm ENCORE-REDIRECT
  class class-default
    sticky-serverfarm ENCORE-sticky

policy-map multi-match POLICYMAP_ENCORE_L3L4
  class CLASS_MAP_ENCORE-http
    loadbalance vip inservice
    loadbalance policy POLICYMAP_ENCORE_L7
    loadbalance vip icmp-reply
  class CLASS_MAP_ENCORE-https
    loadbalance vip inservice
    loadbalance policy POLICYMAP_ENCORE_L7
    loadbalance vip icmp-reply
    ssl-proxy server ENCORE_SSL_SERVER

access-group input ALL-ACCESS

interface vlan 10
  description DATA_VLAN_AND_SVC_TO_ACE
  ip address 10.6.9.3 255.255.255.240
  service-policy input REMOTE_MGMT_ALLOW_POLICY
  service-policy input POLICYMAP_ENCORE_L3L4
  no shutdown

Thank you,

Bill

Bill,

This is a known code issue.

CSCsh52210: Redirect rserver behind SSL proxy send the redirect string not encrypted

This is fixed in version A1(4b) and later.

Gilles.
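
Added example, not part of the thread and not Cisco code: a check for the symptom reported above and tracked as CSCsh52210, a redirect sent in clear text on the HTTPS VIP. It walks the server-to-client bytes of one TCP connection as TLS records and reports an HTTP redirect that appears outside them; the function names are illustrative and the byte strings are constructed samples, not captures from an ACE.

```python
import struct

TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
MAX_RECORD_LEN = 2**14 + 2048  # upper bound for a protected TLS record body

def classify_server_bytes(stream: bytes):
    """Return (TLS record types seen in order, first non-TLS bytes or None)."""
    records, pos = [], 0
    while pos < len(stream):
        header = stream[pos:pos + 5]
        if len(header) < 5:
            return records, stream[pos:]
        ctype, major, minor, length = struct.unpack("!BBBH", header)
        valid = (ctype in TLS_TYPES and major == 3 and minor <= 4
                 and length <= MAX_RECORD_LEN and pos + 5 + length <= len(stream))
        if not valid:
            return records, stream[pos:]  # bytes that are not a complete TLS record
        records.append(TLS_TYPES[ctype])
        pos += 5 + length
    return records, None

def cleartext_redirect(stream: bytes):
    """Return the Location of a plaintext HTTP 3xx found outside the TLS records."""
    _, leak = classify_server_bytes(stream)
    if not leak or not leak.startswith(b"HTTP/1."):
        return None
    head = leak.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    status_line, *header_lines = head.split("\r\n")
    parts = status_line.split()
    if len(parts) < 2 or not parts[1].startswith("3"):
        return None
    for line in header_lines:
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            return value.strip()
    return None

def _record(ctype: int, body: bytes) -> bytes:
    # Constructed TLS record: type, version 3.1, length, opaque body.
    return struct.pack("!BBBH", ctype, 3, 1, len(body)) + body

# Constructed samples: a handshake followed by a cleartext 302 (the reported
# symptom) and by an encrypted application_data record (the expected behaviour).
HANDSHAKE = _record(22, b"\x00" * 40) + _record(20, b"\x01") + _record(22, b"\x00" * 32)
BUGGY = HANDSHAKE + b"HTTP/1.1 302 Found\r\nLocation: http://wserror.xyz.com\r\n\r\n"
FIXED = HANDSHAKE + _record(23, b"\x00" * 96)
```

Feed it the reassembled server-side payload of a single connection to the VIP on port 443; any non-None result means the redirect left the load balancer unencrypted.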
