Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Need to redirect http://mobile/mobile to https://application/mobile

We are trying to set up a mobile application. The main website is reached via https://longname.com. The mobil application is https://longname.com/mobile

We want to set it up so that a user that is using a mobile device types in http://mobilename.com and it hits the load balancer and is redirected to https://longname.com/mobile.

Do we need to acquire another certificate to cover the mobilename.com address? Or will a redirect occur to get us to the standard address with a /mobile on it?

Just confusing whether we need a redirect, or a rewrite, and where/how to do that.

7 REPLIES
Cisco Employee

Re: Need to redirect http://mobile/mobile to https://application

Hi Ed,

You don't need a new certificate for http://mobilename.com because this is not the real site, if at any point you need to make this site secure as well and assuming that mobilename.com and longname.com resolve to the same public IP address then you can ask for a SAN SSL certificate to include this second domain.

Here is a config example, this is assuming both domains resolve to the same VIP address.

rserver redirect Redirect
webhost-redirection https://longname.com/mobile 301
inservice

serverfarm redirect Redirect
rserver Redirect
inservice


class-map type http loadbalance match-any Mobile
  2 match http url /mobile.*

class-map type http loadbalance match-any Redirect
  2 match http header Host header-value
"mobilename.com"

policy-map type loadbalance first-match domainX
   class Mobile
     serverfarm Mobile-SF

class Redirect
    serverfarm Redirect
  class class-default
    serverfarm Longname

- If user comes with mobilename.com as the request then will match the Redirect class and will be sent to the new URL https://longname.com/mobile

- Once redirected the user will now come with URI /mobile which would match the Mobile class load balancing the request to the SF for the mobile users.

- If none of the conditions is met for example a user from a local PC then class default will be used.

Hope this helps =)

__ __

Pablo

Community Member

Re: Need to redirect http://mobile/mobile to https://application

Thanks for the reply Pablo. I somewhat follow it, but under the policy map you define class Mobile with serverfarm Mobile-SF, but you don't specify a server farm by that name above. You only specify a serverfarm named Redirect. They just added to the list of redirects for mobile too.

If say domain is https://longname.com like in our example, then we want the following to be redirected to https://longname.com/mobile. That is done using that 301 you showed, correct?

So we would want these:

http://mobilename.com

http://m.longname.com

http://mobile.longname.com

To become, this https://longname.com/mobile.

To add the additional, would that change:

class-map type http loadbalance match-any Redirect
  2 match http header Host header-value
"mobilename.com"

To:

class-map type http loadbalance match-any Redirect
  2 match http header Host header-value
"mobilename.com"

  3 match http header Host header-value "m.longname.com

  4 match http header Host header-value "mobile.longname.com"

Also to better understand, I am assuming that the following means that any url with /mobile is class Mobile?

class-map type http loadbalance match-any Mobile
  2 match http url /mobile.*

Cisco Employee

Re: Need to redirect http://mobile/mobile to https://application

Hi Ed,

a. Mobile-SF is the real serverfarm with your physical servers, I've seen many people use different SF for mobile users and regular (browser) users but if that's not your case then you can use the same SF that you use for all the users.

b. Yup you're right assuming that all those domains are mapped to the same Public address then you can add them under the same class-map as the match any will apply a conditional "OR" and find the right one.

c.That's right the Mobile class map means that anything that comes with mobile as the URI right after the domain will be sent to the Mobile-SF, for example

https://longname.com/mobile/applications.htm >> MATCH

https://longname.com/mobile/appstore.html >>> MATCH

https://longname.com/user/mobile/login.htm >>> Doesn't match (uses class-default)

Let me know if you have any other question.

__ __

Pablo

Community Member

Re: Need to redirect http://mobile/mobile to https://application

No quite working. If I go to the mobile address it does bring up the page, but doesn't change the header to https://longname/mobile/

It acts as if we are at the right address and just adds the login page info.

I would share the actual config, but not in a public forum.

Cisco Employee

Re: Need to redirect http://mobile/mobile to https://application

Ed,

You can share the config in a PM or just post a sanitized copy on the forum.

BTW If you go to https://longname.com from a work station does it work?

Cheers!

__ __

Pablo

Community Member

Re: Need to redirect http://mobile/mobile to https://application

If I go to http://longname, it gets redirected to https://longname/cp/login.

If I go to https://longname, it hangs.

If I go to http://mobilename, it gets redirected to http://mobilename/cp/login.

If I go to https://mobilename, if gets redirected to http://mobilename/cp/login

I will clean up the file tomorrow morning and post it.

Community Member

Re: Need to redirect http://mobile/mobile to https://application

This is what I have under VC_HTTPD. Would be nice if they had a write net for the contexts.


logging enable
logging console 7
logging timestamp
logging trap 7
logging history 7
logging buffered 7
logging monitor 7
logging facility 21
logging host 10.190.13.249 udp/514


access-list ACL-NAT-B line 10 extended permit ip host 10.190.11.4 any
access-list ACL-NAT-B line 11 extended permit ip host 10.190.11.5 any
access-list ACL_NAT line 10 extended permit ip host 10.190.11.2 any
access-list ACL_NAT line 11 extended permit ip host 10.190.11.3 any
access-list ACL_PERMIT_HTTTP remark Access List to permit connections to HTTPD Environment
access-list ACL_PERMIT_HTTTP line 1 extended permit tcp any any
access-list ACL_PERMIT_HTTTP line 2 extended permit ip any any

parameter-map type connection Connection_Parameters
  set tcp timeout embryonic 10
  set tcp timeout half-closed 3601
parameter-map type ssl PARAMMAP_SSL
  cipher RSA_WITH_RC4_128_MD5
  cipher RSA_WITH_RC4_128_SHA
  cipher RSA_WITH_DES_CBC_SHA
  cipher RSA_WITH_3DES_EDE_CBC_SHA
  cipher RSA_WITH_AES_128_CBC_SHA
  cipher RSA_WITH_AES_256_CBC_SHA
  cipher RSA_EXPORT_WITH_RC4_40_MD5
  cipher RSA_EXPORT1024_WITH_RC4_56_MD5
  cipher RSA_EXPORT_WITH_DES40_CBC_SHA
  cipher RSA_EXPORT1024_WITH_DES_CBC_SHA
  cipher RSA_EXPORT1024_WITH_RC4_56_SHA
  authentication-failure ignore

rserver host HTTPD1
  ip address 10.190.11.2
  inservice
rserver host HTTPD1-B
  ip address 10.190.11.4
  inservice
rserver host HTTPD2
  ip address 10.190.11.3
  inservice
rserver host HTTPD2-B
  ip address 10.190.11.5
  inservice
rserver redirect REDIRECT-CUSTPORT-HTTPS
  webhost-redirection https://custport.mycompany.com
  inservice
rserver redirect REDIRECT-HTTPS
  webhost-redirection https://%h%p
  inservice
rserver redirect REDIRECT-TESTCASE-HTTPS
  webhost-redirection https://%h%p 302
  inservice
rserver redirect REDIRECT-TOPLEVELDOMAIN-HTTPS
  webhost-redirection https://www.alernatename.com
  inservice
rserver redirect Redirect-M
  description Redirecting mobile connections
  webhost-redirection https://custport.mycompany.com/mobile 301
  inservice

action-list type modify http HTTP_MODIFY_ACTLIST
  ssl url rewrite location "custport.mycompany.com"
action-list type modify http supplierriskmanager-rewrite
  ssl url rewrite location "www.alternatename.com"
action-list type modify http testcase-rewrite
  ssl url rewrite location "secondinstance.mycompany.com"

serverfarm host SF-HTTPD-B
  rserver HTTPD1-B 80
    inservice
  rserver HTTPD2-B 80
    inservice
serverfarm host SF-HTTPD
  rserver HTTPD1 80
    inservice
  rserver HTTPD2 80
    inservice
serverfarm redirect farm-custport-https
  rserver REDIRECT-CUSTPORT-HTTPS
    inservice
serverfarm redirect farm-custport-mobile
  description Server farm for mobile redirect
  rserver Redirect-M
    inservice
serverfarm redirect farm-https
  rserver REDIRECT-HTTPS
    inservice
serverfarm redirect farm-testcase-https
  rserver REDIRECT-TESTCASE-HTTPS
    inservice
serverfarm redirect farm-toplevel-https
  rserver REDIRECT-TOPLEVELDOMAIN-HTTPS
    inservice

ssl-proxy service PSERVICE_SERVER
  key ACEKEY.PM
  cert ACENEWCERT.PM
  ssl advanced-options PARAMMAP_SSL
ssl-proxy service PSERVICE_SERVER_B
  key testcase.key
  cert testcase.crt
  ssl advanced-options PARAMMAP_SSL
ssl-proxy service PSERVICE_SLRM
  key SLRM_KEY
  cert SLRM_CERT
  ssl advanced-options PARAMMAP_SSL

sticky http-cookie JSESSIONID jboss-cookie
  timeout 240
  replicate sticky
  serverfarm SF_HTTPD
sticky http-cookie JSESSIONID-B jboss-cookie-b
  timeout 240
  replicate sticky
  serverfarm SF-HTTPD-B

class-map type http loadbalance match-any L7_Mobile
  description Matching on Mobile
  2 match http url /mobile.*
class-map type http loadbalance match-any L7_Mobile_Redirect
  description Mobile Redirect
  2 match http header Host header-value "mymobile.com"
class-map type http loadbalance match-all L7_TESTCASE
  2 match http header Host header-value "secondinstance.mycompany.com"
class-map type http loadbalance match-all L7_TOPLEVELDOMAIN
  2 match http header Host header-value "alternatename.com"
class-map type http loadbalance match-all L7_ZIPLOCK
  2 match http header Host header-value "ziplock.mycompany.com"
class-map type management match-any Management
  201 match protocol snmp any
  202 match protocol icmp any
  203 match protocol https any
  204 match protocol http any
  205 match protocol ssh any
class-map match-any NAT_CLASS
  2 match access-list ACL_NAT
  3 match access-list ACL-NAT-B
class-map match-all VIP-HTTPD-B
  2 match virtual-address 10.190.11.72 tcp eq https
class-map match-all VIP-SIP-B
  2 match virtual-address 10.190.11.72 tcp eq www
class-map match-all VIP_HTTPD
  3 match virtual-address 10.190.11.70 tcp eq https
class-map match-all VIP_SP
  2 match virtual-address 10.190.11.70 tcp eq www

policy-map type management first-match Management
  class Management
    permit

policy-map type loadbalance first-match Mobile
  description Policy map for mobile connections
  class L7_Mobile
    serverfarm farm-custport-https
  class L7_Mobile_Redirect
    serverfarm farm-custport-mobile
  class class-default
    serverfarm farm-custport-https
policy-map type loadbalance http first-match POLICY-REDIRECT
  match test http url /*
    serverfarm farm-https
  class class-default
    serverfarm farm-https
policy-map type loadbalance first-match TESTCASE-l7slb
  class L7_TESTCASE
    serverfarm farm-testcase-https
policy-map type loadbalance first-match VIP-HTTPD-B-l7slb
  class class-default
    sticky-serverfarm jboss-cookie-b
policy-map type loadbalance first-match VIP-SIP-B-l7slb
  class class-default
    serverfarm farm-testcase-https
policy-map type loadbalance first-match VIP_HTTPD-l7slb
  class class-default
    sticky-serverfarm jboss-cookie
    action HTTP_MODIFY_ACTLIST
policy-map type loadbalance first-match VIP_SP-l7slb
  match test http url /
    serverfarm farm-https
  class L7_ZIPLOCK
    serverfarm farm-custport-https
  class class-default
    compress default-method gzip
    sticky-serverfarm jboss-cookie
policy-map type loadbalance http first-match ZIPLOCK-l7slb
  class L7_ZIPLOCK
    serverfarm farm-https

policy-map multi-match NAT_POLICY
  class NAT_CLASS
    nat dynamic 3 vlan 10
policy-map multi-match int10
  class VIP_HTTPD
    loadbalance vip inservice
    loadbalance policy VIP_HTTPD-l7slb
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 35
    ssl-proxy server PSERVICE_SERVER
    connection advanced-options Connection_Parameters
  class VIP_SP
    loadbalance vip inservice
    loadbalance policy VIP_SP-l7slb
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 35
  class VIP-HTTPD-B
    loadbalance vip inservice
    loadbalance policy VIP-HTTPD-B-l7slb
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 35
    ssl-proxy server PSERVICE_SERVER_B
    connection advanced-options Connection_Parameters
  class VIP-SIP-B
    loadbalance vip inservice
    loadbalance policy VIP-SIP-B-l7slb
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 35
    connection advanced-options Connection_Parameters

interface vlan 10
  description Server Side Vlan
  ip address 10.190.11.57 255.255.255.192
  alias 10.190.11.61 255.255.255.192
  peer ip address 10.190.11.58 255.255.255.192
  access-group input ACL_PERMIT_HTTTP
  nat-pool 3 10.190.11.59 10.190.11.59 netmask 255.255.255.255 pat
  service-policy input Management
  service-policy input NAT_POLICY
  no shutdown
interface vlan 35
  description Client Side Vlan
  ip address 10.190.11.68 255.255.255.192
  peer ip address 10.190.11.67 255.255.255.192
  access-group input ACL_PERMIT_HTTTP
  nat-pool 1 10.190.11.69 10.190.11.69 netmask 255.255.255.255 pat
  service-policy input int10
  no shutdown
interface vlan 99
  description Management Connectivity on Vlan 99
  ip address 10.190.13.198 255.255.255.192
  peer ip address 10.190.13.197 255.255.255.192
  access-group input ACL_PERMIT_HTTTP
  service-policy input Management
  no shutdown

ip route 0.0.0.0 0.0.0.0 10.190.11.65

snmp-server contact "My Name "
snmp-server location "My Place"
snmp-server community CPpublic group Network-Monitor

snmp-server trap-source vlan 10

761
Views
7
Helpful
7
Replies
CreatePlease to create content