Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ssl redirect/rewrite

I currently have a site www.xyz.com.  I need everything redirected to https://www.xyz.com and the ACE is doing the SSL termination.

Easy enough for all my port 80 traffic.  I just match it and redirect with a 301 to https://www.xyz.com, but what about when someone types https://xyz.com.  I need that to either redirect or rewrite it to https://www.xyz.com.  I have tried action-list as well as L7 class maps with no luck.

rserver redirect xyz.com
  webhost-redirection https://www.xyz.com
  inservice
 
serverfarm redirect redirect-xyz.com
  rserver xyz.com
    inservice
   
  class-map match-any http.xyz.com
  2 match virtual-address 1.1.1.1 tcp eq www
 
  class-map match-any https.xyz.com
  2 match virtual-address 1.1.1.1 tcp eq https
 
  policy-map type loadbalance first-match http.xyz.com-L7
  class class-default
    serverfarm redirect-xyz.com
 
  policy-map type loadbalance first-match https.xyz.com-L7
  class class-default
    serverfarm xyz
   
policy-map multi-match int150
  class https.xyz.com
    loadbalance vip inservice
    loadbalance policy https.xyz.com-L7
    loadbalance vip icmp-reply active
    ssl-proxy server www.xyz.com

  class http.xyz.com
    loadbalance vip inservice
    loadbalance policy http.xyz.com-L7
    loadbalance vip icmp-reply active

Everyone's tags (2)
2 REPLIES
Cisco Employee

Re: ssl redirect/rewrite

That's an issue that needs to be addressed on the dns server.

Because the browser will try to get the ip address associated with xyz.com ....

Most DNS server returns the same ip address for xyz.com and www.xyz.com.

If that's not the case, you need to make that change.

After that, for the ACE, all we see is an https request coming to virtual ip x.x.x.x.

We don't care if the user typed xyz.com or www.xyz.com.

Gilles

New Member

Re: ssl redirect/rewrite

DNS is the same for xyz.com and www.xyz.com.  My problem is that the certificate is only for www.xyz.com, so if the user types https://xyz.com they will get a certificate error and have to accept it.  I need that to rewrite to https://www.xyz.com

711
Views
0
Helpful
2
Replies