Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
478
Views
5
Helpful
3
Replies

Redirecting http to https

Go to solution
michael.e.reid
Level 1
Level 1

‎08-11-2006 12:38 AM

Hi guys, a customer of mine wants to redirect a URL on port 80 to a different URL on port 443.

He does not want the customer to have to type in a URL, and also wants the new https URL to shown in the browser.

Is this easily achieved on the CSS via the domain/redirect commands. From what I read the CSS will only redirect on receiving an http 302 (page moved) message. Can it redirect even if the server is still up - I know you can very simply do this just by changing the service IP address and port but then the URL does not change in the browser.

cheers,

Mike

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee

‎08-11-2006 03:56 AM

Mike,

you are actually mixing 2 features here.

The CSS with the SSL module can parse server response and modify a 302 redirect to an HTTP page into a redirect to an HTTPS page.

In your case, you need to intercept all traffic and create your own redirect.

This is possible as well.

Here is a link to the documentation :

http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a00801de8d6.shtml#t4

Gilles.

View solution in original post

3 Replies 3

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee

‎08-11-2006 03:56 AM

Mike,

you are actually mixing 2 features here.

The CSS with the SSL module can parse server response and modify a 302 redirect to an HTTP page into a redirect to an HTTPS page.

In your case, you need to intercept all traffic and create your own redirect.

This is possible as well.

Here is a link to the documentation :

http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a00801de8d6.shtml#t4

Gilles.

Go to solution
ssrjazz
Level 1
Level 1
In response to Gilles Dufour

‎09-28-2006 05:55 AM

From the documentation: This example demonstrates a site that is required to operate over HTTPS exclusively. If a user comes into the site using HTTP, the CSS sends the user an HTTP redirect to come back in via HTTPS.

I don't think this guy wants his entire site to run via https... just a partiuclar URL.

I have the same issue. I have 3 domains going through my CSS and I'd like to have one of them auto redirect to https, but leave the other domains alone. Tried to adapt this documentation to it, but it doesn't work.

0 Helpful

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee
In response to ssrjazz

‎09-28-2006 06:15 AM

this is feasible.

All you have to do is split the content rule in as many parts as needed.

For example, if you want www.aaa.com to be encrypted but not the other site, here is what you can do.

content AAA

vip x.x.x.x

proto tcp

port 80

url "//www.aaa.com/*"

add service REDIRECT

active

content ALL

vip x.x.x.x

proto tcp

port 80

url "/*"

add service LOCAL-80-1

add service LOCAL-80-2

...

active

content AAA-HTTPS

vip x.x.x.x

proto tcp

port 443

add service LOCAL-443-1

...

active

So, the first rule says that if traffic matches www.aaa.com it should be sent a rediret message [see previous post for more info on how to do this], for all the other HTTP traffic simply loadbalance and for HTTPS traffic loadbalance to HTTPS servers.

The opposite is not possible.

You can't intercept HTTPS traffic and redirect it to HTTP.

This could be done with an SSL module but then you could not use 1 vip for all, since SSL uses certificate which are linked to domain name.

Gilles.

0 Helpful
Customers Also Viewed These Support Documents