New Member

redirect incoming port 80 to another vip

I am doing SSL termination on an 11503. Sessions start fine and data flows fine until the web servers sitting behind the CSS start supplying fully qualified URLs ("http://yada...com") to the clients, so the incoming requests are going directly to the server via a different session and then the browser gets the mixed-secure/unsecure message, but works fine. Can I intercept and send a redirect back to the browser to go to https://vip when it comes in on 80? iPlanet says this cannot be changed on the web server.

thanks

Dennis

2 REPLIES
Cisco Employee

Re: redirect incoming port 80 to another vip

You need the urlrewrite command that is available in the new 7.20 version.

This command is similar to the existing urlrewrite command on the SCA.

Gilles.

New Member

Re: redirect incoming port 80 to another vip

The server isn't using 302 redirects; the fully qualified URLs are in the web pages.

I was able to get it to work, but I would need to have a rule/service for every URL requested to get it to work.

Is there a way to get the URL "http://x.com/GOHERE" appended in the redirect "https://x.com/GOHERE" dynamically?

*bad: The ssl_redirect needed an ip address outside of the box, I used the ip on a workgroup switch to keep the service alive. I couldn't point it directly at the vip.

Here is the config.

!Generated on 04/02/2003 08:29:39
!Active version: sg0710003 "cisco 11503"

configure

!*************************** GLOBAL ***************************
  x
  ssl associate rsakey x x
  ssl associate cert x x
  ssl associate dsakey x x
  ssl associate dhparam x x
  x

!************************* INTERFACE *************************
interface 1/1
  trunk
  phy 1Gbits-FD-no-pause
  vlan 15

interface 1/2
  trunk
  phy 1Gbits-FD-no-pause
  vlan 15

interface 2/1
  bridge vlan 15
  phy 100Mbits-FD

!************************** CIRCUIT **************************
circuit VLAN15
  ip address 168.183.x.44 255.255.255.192

!*********************** SSL PROXY LIST ***********************
ssl-proxy-list x
  ssl-server 1
  ssl-server 1 vip address 168.183.x.43
  ssl-server 1 rsakey x
  ssl-server 1 rsacert x
  ssl-server 1 cipher rsa-with-rc4-128-md5 168.183.x.43 81
  active

!************************** SERVICE **************************
service css1
  ip address 168.183.x.47
  protocol tcp
  keepalive type http
  port 81
  active

service css2
  ip address 168.183.x.46
  protocol tcp
  port 81
  keepalive type http
  active

service ssl_Module1
  type ssl-accel
  keepalive type none
  slot 3
  add ssl-proxy-list x
  active

service ssl_redirect
  type redirect
  no prepend-http
  port 443
  ip address 168.183.x.49
  redirect-string https://x.com
  active

!*************************** OWNER ***************************
owner securemail

  content sm-http
    url "/*"
    protocol tcp
    port 80
    redirect "https://x.com"
    vip address 168.183.x.43
    add service ssl_redirect
    active

  content sm-ssl
    vip address 168.183.x.43
    application ssl
    protocol tcp
    port 443
    add service ssl_Module1
    active

  content sm81
    protocol tcp
    vip address 168.183.x.43
    port 81
    add service css1
    add service css2
    active
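What the path-preserving redirect asked about above looks like at the HTTP level, as an added example that is not part of the thread and is not CSS configuration: a small port-80 listener that answers every request with a 301 to the same path and query on https://x.com. The host name is the redacted "x.com" from the thread; the function and class names and the 127.0.0.1:8080 test address are assumptions made for this sketch.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Optional
from urllib.parse import urlsplit

# Assumptions: "x.com" is the redacted site name used in the thread; all
# function/class names and the 127.0.0.1:8080 listener are illustrative.
CANONICAL_HOST = "x.com"
ALLOWED_HOSTS = {"x.com"}

def https_location(request_target: str, host_header: Optional[str]) -> Optional[str]:
    """Build the https:// Location for a port-80 request, or None to refuse."""
    # Never reflect the client-supplied Host into Location: check it against
    # an allow-list and always redirect to the fixed canonical name.
    host = (host_header or "").split(":", 1)[0].strip().lower()
    if host not in ALLOWED_HOSTS:
        return None
    # Whitespace or control characters in the target could split the header.
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in request_target):
        return None
    if request_target.startswith("/"):
        # Origin-form ("/GOHERE?a=1"): carry path and query over unchanged.
        path_and_query = request_target
    else:
        # Absolute-form ("http://x.com/GOHERE"), as some proxies send it.
        try:
            parts = urlsplit(request_target)
            target_host = parts.hostname or ""
        except ValueError:
            return None
        if parts.scheme != "http" or target_host not in ALLOWED_HOSTS:
            return None
        path_and_query = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    return "https://" + CANONICAL_HOST + path_and_query

class RedirectToHttps(BaseHTTPRequestHandler):
    def do_GET(self):
        location = https_location(self.path, self.headers.get("Host"))
        if location is None:
            self.send_error(400, "Bad request")
            return
        self.send_response(301)
        self.send_header("Location", location)
        self.end_headers()

    do_HEAD = do_GET

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), RedirectToHttps).serve_forever()
```

A redirect only fixes where the request ends up: the browser still makes its first request to the http:// URL, so pages that embed absolute http:// links keep triggering the mixed-content message until the links themselves are rewritten.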
