11-02-2005 12:33 PM
I am trying to redirect HTTP traffic as SSL when users use the wrong URL. The standard SSL config works fine but as soon as I add the policy to the VSERVER nothing works and I get a "cannot find server" message.
map test-http url
 match protocol http url abc.company.com*
serverfarm test-redir
 redirect-vserver test-http-https
  webhost relocation abc.company.com%p
  ssl 10000
  inservice
policy TEST-REDIR
 url-map TEST-HTTP
 serverfarm TEST-REDIR
serverfarm P-TEST-E
 nat server
 no nat client
 real 10.6.0.16
  inservice
 real 10.6.0.17
  inservice
vserver P-EINVOICE-E
 virtual 10.129.59.50 tcp 10000
 serverfarm P-TEST-E
 sticky 240 group 2
 persistent rebalance
 slb-policy TEST-REDIR
11-03-2005 04:50 AM
At first glance I would say this looks OK.
Capture a sniffer trace and see if you get a redirect.
Do a 'sho mod csm X vserver name P-EINVOICE-E detail' and verify if you have hits on your slb policy.
Is the traffic coming in on port tcp 10000 HTTP or HTTPS?
If HTTPS, you can't use the policy with a url-map and you can't use a redirect.
HTTPS traffic being encrypted, the CSM is unable to read it or modify it.
Regards,
Gilles.
Thanks for rating this answer.
11-03-2005 08:12 AM
We do something similar, more for aesthetics than anything. I use the below method. All it does is redirect the port, really, via URL redirect. You should be able to append the desired port number to the URL. Maybe I read your request wrong.
serverfarm CSG
 nat server
 no nat client
 predictor leastconns
 real name PRD01
  inservice
 real name PRD02
  inservice
 health retries 30 failed 300
 probe SSL-CSG
!
serverfarm CSG-REDIR
 nat server
 no nat client
 redirect-vserver CSG-REDIR
  webhost relocation https://csg.oxo.com
  inservice
!
vserver CSG-80
 virtual 192.168.9.160 tcp www
 serverfarm CSG-REDIR
 persistent rebalance
 inservice
!
vserver CSG-SSL
 virtual 192.168.9.160 tcp https
 replicate csrp sticky
 replicate csrp connection
 no persistent rebalance
 slb-policy CSG-SSL
 inservice
11-03-2005 10:28 AM
Thanks to both of you but I think what I'm trying to do can't be done. In my example abc.company.com is using the VIP 10.129.59.50. What I want to happen is for https requests to use the VIP and be load balanced. Http requests should be redirected as https requests and hit the VIP again. The result of my configuration is a request comes in, the https requests don't match the policy and get dumped, http gets redirected to https hits the VIP again and gets dumped because now it is https which does not match the policy. Does anyone have an idea as to how to get around this?
11-04-2005 01:01 AM
The solution must come from the server side.
The CSM would not be able to do this as it expects traffic to be either HTTPS or HTTP.
Regards,
Gilles.
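One possible reading of "server side", as an added example that is not from the thread or from Cisco: a listener behind the VIP inspects the first bytes of each connection on port 10000, passes TLS on to its normal handler and answers plaintext HTTP with a redirect to the https:// URL. The function names are hypothetical; the host and port are the ones used in the thread, and the sample bytes are constructed.

```python
import re

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")
SAFE_PATH = re.compile(r"/[\x21-\x7e]*")  # printable ASCII, no spaces or control chars


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a client sends: 'tls', 'http' or 'unknown'."""
    # A TLS record starts with content type 0x16 (handshake) and major version 0x03.
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"
    if data.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


def build_redirect(request: bytes, host: str, port: int) -> bytes:
    """Build a 301 to the https:// form of the requested path.

    The target host is the configured name, never the client's Host header,
    so the listener cannot be used as an open redirector.
    """
    request_line = request.split(b"\r\n", 1)[0].decode("latin-1")
    parts = request_line.split(" ")
    path = parts[1] if len(parts) >= 2 else "/"
    if not SAFE_PATH.fullmatch(path):
        path = "/"  # drop anything that could smuggle CR/LF into the header
    authority = host if port == 443 else f"{host}:{port}"
    return (
        f"HTTP/1.1 301 Moved Permanently\r\n"
        f"Location: https://{authority}{path}\r\n"
        f"Content-Length: 0\r\nConnection: close\r\n\r\n"
    ).encode("latin-1")


def answer_for(data: bytes, host: str = "abc.company.com", port: int = 10000):
    """Return (kind, reply): reply is a redirect for HTTP, None otherwise."""
    kind = classify_first_bytes(data)
    return kind, (build_redirect(data, host, port) if kind == "http" else None)


if __name__ == "__main__":
    # Constructed samples: start of a TLS ClientHello record, then a plain HTTP request.
    print(answer_for(b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4"))
    print(answer_for(b"GET /invoice?id=7 HTTP/1.1\r\nHost: abc.company.com\r\n\r\n"))
```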