Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

cisco ACE- http tp https redirection of URL

Hi all,

My customer got a strange requirement

when ever he access website on port http:// it should redirect to https:// automatically with out the end user getting intimated . He dont want this to happen in the application level coding , rather he want ACE and FW to handle this

I tried to redirect the port from 80 to 443 on FWSM firewall and send the traffic to the VIP of the ACE on 443 port , ACE is not issuing certificate in this case. But when i directly accessed the site with https:// then ACE is issuing certificate.

I know if i am doing port redirection still it is a http session only, but i heard that we can do some sort of URL redirection at ACE level . How can i achieve this .. Appreciate all your ideas

with regards

Parvees

7 REPLIES
New Member

Re: cisco ACE- http tp https redirection of URL

You need to setup a redirect rserver and redirect serverfarm, to redirect traffic going to port 80 on an IP address to another URL which is HTTPS (port443). See here for an example:

http://www.cisco.com/en/US/partner/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/slb/guide/rsfarms.html#wp1046009

rserver redirect SERVER1

webhost-redirection https://192.168.120.132/redirect-100k.html 301

inservice

serverfarm redirect SFARM1

rserver SERVER1

inservice

You would setup another VIP and serverfarm for 192.168.120.132 tcp eq 443...

New Member

Re: cisco ACE- http tp https redirection of URL

I had this configured the same, but ran into users getting IE errors switching between secure and non-secure. I found a doc that recommended using the URL rewrite method instead to avoid the IE error, but can't come up with a wild card that works for rewriting any URL received as http to https.

Cisco Employee

Re: cisco ACE- http tp https redirection of URL

If your server has hardcoded some links, you will again switch to http and see the message secure/unsecure.

Same if the server has configured a redirect.

The redirect will again send the user to http.

The ssl header rewrite can only be done for the 2nd case where the server sends a redirect.

We can modify the redirect to point to https instead of http.

But for the first case, hardcoded links, there is nothing we can do.

Gilles.

New Member

Re: cisco ACE- http tp https redirection of URL

Does that mean there may be some hardcoded links on the servers that use http instead of https?

Cisco Employee

Re: cisco ACE- http tp https redirection of URL

you should sniff the traffic and decode it using the server private key with wireshark to see what the server is doing.

If this is a redirect, we should be able to rewrite it.

Gilles.

New Member

Re: cisco ACE- http tp https redirection of URL

Thanks for the advice. I will do that and let you know the outcome. If it will require a rewrite is there a way to use a wildcard to rewrite any http urls to https?

Cisco Employee

Re: cisco ACE- http tp https redirection of URL

yes, you can use a wildcard.

switch/Admin(config)# action-list type modify http SSL-Rewrite

switch/Admin(config-actlist-modify)# ssl url rewrite location .*

Gilles.

1306
Views
0
Helpful
7
Replies