HTTPS to HTTPS redirect

brian.cunningham · ‎09-24-2007

If we are doing SSL offloading for a particular VIP with a URL value of "/*" is it possible to create a content rule to redirect for the same VIP but a different URL value, i.e. "/test"? I've tried various redirect scenarios: redirect in the content rule and using a service with a redirect-string. It seems that every HTTPS request for the VIP will only match the content rule with URL "/*".

I'm trying to get the below to work.

content test-rule

vip address x.x.x.x

protocol tcp

port 443

application ssl

add service ssl_service

url "/*"

active

content test-rule-redirect

vip address x.x.x.x

protocol tcp

port 443

application ssl

redirect "https://test.domain.com/test/"

url "/test"

active

content test-rule-redirect2

vip address x.x.x.x

protocol tcp

port 443

application ssl

redirect "https://test.domain.com/test/"

url "/"

active

Note: The two redirect rules purposely don't have wildcards in the url lines.

diro · ‎09-24-2007

This will never work with this setup, reason:

You are supplying a url to an ssl content rule the content is at that time still encrypted so the css can not read the url.

Solution:

Create an ssl content rule that gives traffic to an ssl server and in the ssl server refer back to an http conten rule where you then specify the redirect because at that time the ssl is unencrypted.

content test-rule

vip address x.x.x.x

protocol tcp

port 443

application ssl

add service ssl_service

active

content test-rule-redirect

vip address x.x.x.x

protocol tcp

port 80

redirect "https://test.domain.com/test/"

url "/test"

active

brian.cunningham · ‎09-25-2007

That makes sense. I forgot that the hostname/domain name portion of the URL is unencrypted while the rest of the URL is encrypted when using SSL.

Thanks for your help!