Solved: Use ACE to redirect or insert a WWW in a client request

alleghieri · ‎11-10-2011

I am using ACE 4710s running 4.1 to load balance web traffic across our web server farms. Redirection is configured to redirect http to https. There is a new requirement to redirect a request that does not include the "www" in the URL to include the "www". In other words, if a client merely types "mytesturl.com/test1" the ACE is to redirect or rewrite and insert the www so the request becomes"www.mytesturl.com/test1". I am searching through the documentation, but thought I would pick the collective brains of the community at the same time to see who can come up with the correct answer first. Below is a sample of the working config.

Thanks in advance,

mb

rserver host RS_TEST_01

description ***Test Producation Host***

ip address 10.64.64.45

inservice

rserver redirect RD_EC

description ***TEST Sub-Site***

webhost-redirection https://www.test.com/EC/

inservice

rserver redirect http

webhost-redirection https://%h%p 301

inservice

serverfarm redirect REDIRECT

rserver http

inservice

serverfarm host SF_TEST

rserver RS_TEST_01 80

inservice

serverfarm redirect SF_EC

description ***Test Sub-Site***

rserver RD_EC

inservice

sticky ip-netmask 255.255.255.0 address both STICKY_TEST_1

timeout 600

replicate sticky

serverfarm SF_TEST

ssl-proxy service SSL_TEST_1

key TEST_KEY

cert TEST_CERT

chaingroup VERISIGN

ssl advanced-options SSL_TERMINATION

class-map match-any TEST_VIP_01

description ***VIP for TEST***

2 match virtual-address 10.64.74.45 tcp eq https

class-map type http loadbalance match-all TEST_EC

2 match http url /ec*

policy-map type loadbalance first-match LB_TEST_01

description ***Load Balancing Policy for Test***

class TEST_EC

serverfarm SF_EC

policy-map type loadbalance first-match LB_REDIRECT

description L7SLBPolicy-Redirect

class class-default

serverfarm REDIRECT

policy-map multi-match NEW_WEB_POLICY

class TEST_VIP_01

loadbalance vip inservice

loadbalance policy LB_TEST_01

loadbalance vip icmp-reply active

ssl-proxy server SSL_TEST_1

interface vlan 474

description ***Front End VIP interface***

ip address 10.64.74.254 255.255.255.0

alias 10.64.74.252 255.255.255.0

peer ip address 10.64.74.253 255.255.255.0

access-group input TEST_WEB

service-policy input TEST_WEB_POLICY

no shutdown

Daniel Arrondo Ostiz · ‎11-11-2011

Hi Michael,

The configuration to achieve this would be something like the one below. I wrote it without trying it in the lab first, so, make sure to test it before putting it in production (specially the syntax of the regular expressions)

rserver redirect http

webhost-redirection https://%h%p 301

inservice

rserver redirect http_and_www

webhost-redirection https://www.%h%p 301

inservice

serverfarm redirect REDIRECT

rserver http

inservice

serverfarm redirect REDIRECT_and_www

rserver http_and_www

inservice

class-map type http loadbalance match-all http_with_www

2 match http header Host header-value www.*

policy-map type loadbalance first-match LB_REDIRECT

description L7SLBPolicy-Redirect

class http_with_www

serverfarm REDIRECT

class class-default

serverfarm REDIRECT_AND_WWW

I hope this helps

Daniel

View solution in original post

Daniel Arrondo Ostiz · ‎11-11-2011

Hi Michael,

The configuration to achieve this would be something like the one below. I wrote it without trying it in the lab first, so, make sure to test it before putting it in production (specially the syntax of the regular expressions)

rserver redirect http

webhost-redirection https://%h%p 301

inservice

rserver redirect http_and_www

webhost-redirection https://www.%h%p 301

inservice

serverfarm redirect REDIRECT

rserver http

inservice

serverfarm redirect REDIRECT_and_www

rserver http_and_www

inservice

class-map type http loadbalance match-all http_with_www

2 match http header Host header-value www.*

policy-map type loadbalance first-match LB_REDIRECT

description L7SLBPolicy-Redirect

class http_with_www

serverfarm REDIRECT

class class-default

serverfarm REDIRECT_AND_WWW

I hope this helps

Daniel

alleghieri · ‎11-11-2011

Daniel,

Thanks for the recommendation. I will give it a shot during the next maintenance window and let you know what happens.

MB

alleghieri · ‎11-14-2011

I gave it a shot, but it does not appear to be working. Here is the config:

rserver redirect http_and_www

webhost-redirection https://www.%h%p 301

inservice

serverfarm redirect REDIRECT

rserver http

inservice

serverfarm redirect RED_HTTP_WWW

rserver http_and_www

inservice

class-map type http loadbalance match-all HTTP_WITH_WWW

2 match http header Host header-value "www.*"

policy-map type loadbalance first-match LB_REDIRECT

description L7SLBPolicy-Redirect

class HTTP_WITH_WWW

serverfarm REDIRECT

class class-default

serverfarm RED_HTTP_WWW

I tried a couple of different combinations in the policy map, going so far as to use only the default class with the RED_HTTP_WWW serverfarm. Requests with the www string redirected as usual, but requests without the www string returned a 404 error.

Any ideas?

MB

Daniel Arrondo Ostiz · ‎11-15-2011

Hi Michael,

I've just tried the configuration in my lab, and for me, it's working perferctly.

At this point, I think the best approach would be getting traffic captures on both sides of the ACE to see what is really happening with the request. This way you should be able to see if the redirection message is properly returned by the ACE and whether the 404 is coming from the ACE or the server itself.

For this test, it may be easier to remove the SSL part to avoid having to deal with encrypted traffic captures.

Regards

Daniel

alleghieri · ‎11-16-2011

Daniel,

The config you submitted above works. We found a DNS record that was incorrectly configured for the URL without the www string. That was corrected and the redirection began working as designed.

Thanks for the excellent advice!

mb