11-10-2011 02:21 PM
I am using ACE 4710s running 4.1 to load balance web traffic across our web server farms. Redirection is configured to redirect http to https. There is a new requirement to redirect a request that does not include the "www" in the URL to include the "www". In other words, if a client merely types "mytesturl.com/test1" the ACE is to redirect or rewrite and insert the www so the request becomes"www.mytesturl.com/test1". I am searching through the documentation, but thought I would pick the collective brains of the community at the same time to see who can come up with the correct answer first. Below is a sample of the working config.
Thanks in advance,
mb
rserver host RS_TEST_01
description ***Test Producation Host***
ip address 10.64.64.45
inservice
rserver redirect RD_EC
description ***TEST Sub-Site***
webhost-redirection https://www.test.com/EC/
inservice
rserver redirect http
webhost-redirection https://%h%p 301
inservice
serverfarm redirect REDIRECT
rserver http
inservice
serverfarm host SF_TEST
rserver RS_TEST_01 80
inservice
serverfarm redirect SF_EC
description ***Test Sub-Site***
rserver RD_EC
inservice
sticky ip-netmask 255.255.255.0 address both STICKY_TEST_1
timeout 600
replicate sticky
serverfarm SF_TEST
ssl-proxy service SSL_TEST_1
key TEST_KEY
cert TEST_CERT
chaingroup VERISIGN
ssl advanced-options SSL_TERMINATION
class-map match-any TEST_VIP_01
description ***VIP for TEST***
2 match virtual-address 10.64.74.45 tcp eq https
class-map type http loadbalance match-all TEST_EC
2 match http url /ec*
policy-map type loadbalance first-match LB_TEST_01
description ***Load Balancing Policy for Test***
class TEST_EC
serverfarm SF_EC
policy-map type loadbalance first-match LB_REDIRECT
description L7SLBPolicy-Redirect
class class-default
serverfarm REDIRECT
policy-map multi-match NEW_WEB_POLICY
class TEST_VIP_01
loadbalance vip inservice
loadbalance policy LB_TEST_01
loadbalance vip icmp-reply active
ssl-proxy server SSL_TEST_1
interface vlan 474
description ***Front End VIP interface***
ip address 10.64.74.254 255.255.255.0
alias 10.64.74.252 255.255.255.0
peer ip address 10.64.74.253 255.255.255.0
access-group input TEST_WEB
service-policy input TEST_WEB_POLICY
no shutdown
Solved! Go to Solution.
11-11-2011 02:51 AM
Hi Michael,
The configuration to achieve this would be something like the one below. I wrote it without trying it in the lab first, so, make sure to test it before putting it in production (specially the syntax of the regular expressions)
rserver redirect http
webhost-redirection https://%h%p 301
inservice
rserver redirect http_and_www
webhost-redirection https://www.%h%p 301
inservice
serverfarm redirect REDIRECT
rserver http
inservice
serverfarm redirect REDIRECT_and_www
rserver http_and_www
inservice
class-map type http loadbalance match-all http_with_www
2 match http header Host header-value www.*
policy-map type loadbalance first-match LB_REDIRECT
description L7SLBPolicy-Redirect
class http_with_www
serverfarm REDIRECT
class class-default
serverfarm REDIRECT_AND_WWW
I hope this helps
Daniel
11-11-2011 02:51 AM
Hi Michael,
The configuration to achieve this would be something like the one below. I wrote it without trying it in the lab first, so, make sure to test it before putting it in production (specially the syntax of the regular expressions)
rserver redirect http
webhost-redirection https://%h%p 301
inservice
rserver redirect http_and_www
webhost-redirection https://www.%h%p 301
inservice
serverfarm redirect REDIRECT
rserver http
inservice
serverfarm redirect REDIRECT_and_www
rserver http_and_www
inservice
class-map type http loadbalance match-all http_with_www
2 match http header Host header-value www.*
policy-map type loadbalance first-match LB_REDIRECT
description L7SLBPolicy-Redirect
class http_with_www
serverfarm REDIRECT
class class-default
serverfarm REDIRECT_AND_WWW
I hope this helps
Daniel
11-11-2011 08:08 AM
Daniel,
Thanks for the recommendation. I will give it a shot during the next maintenance window and let you know what happens.
MB
11-14-2011 09:28 AM
I gave it a shot, but it does not appear to be working. Here is the config:
rserver redirect http_and_www
webhost-redirection https://www.%h%p 301
inservice
serverfarm redirect REDIRECT
rserver http
inservice
serverfarm redirect RED_HTTP_WWW
rserver http_and_www
inservice
class-map type http loadbalance match-all HTTP_WITH_WWW
2 match http header Host header-value "www.*"
policy-map type loadbalance first-match LB_REDIRECT
description L7SLBPolicy-Redirect
class HTTP_WITH_WWW
serverfarm REDIRECT
class class-default
serverfarm RED_HTTP_WWW
I tried a couple of different combinations in the policy map, going so far as to use only the default class with the RED_HTTP_WWW serverfarm. Requests with the www string redirected as usual, but requests without the www string returned a 404 error.
Any ideas?
MB
11-15-2011 12:20 AM
Hi Michael,
I've just tried the configuration in my lab, and for me, it's working perferctly.
At this point, I think the best approach would be getting traffic captures on both sides of the ACE to see what is really happening with the request. This way you should be able to see if the redirection message is properly returned by the ACE and whether the 404 is coming from the ACE or the server itself.
For this test, it may be easier to remove the SSL part to avoid having to deal with encrypted traffic captures.
Regards
Daniel
11-16-2011 09:16 AM
Daniel,
The config you submitted above works. We found a DNS record that was incorrectly configured for the URL without the www string. That was corrected and the redirection began working as designed.
Thanks for the excellent advice!
mb
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide