ACE Load Balancer: Redirection - HTTP to HTTP/HTTPS

In this document I´ll explain how to filter the http protocol on a Cisco ACE Load Balancer, and how to redirect the filtered http traffic to another URL. This concept is widely used for http-to-https redirection.


Step 1 Create the redirection rserver

rserver redirect REDIRECT-HTTP-APP
  webhost-redirection url_redirect HTTP_CODE
  inservice


The url_ url_redirect is the URL where the traffic will be redirected to, and the HTTP_CODE is the code of redirection (normaly it will be 301 or 302).
If we wish the URL to stay the same, as is normally the case of redirection to Https, we will use the %h%p instead of the URL.

%h stands for Hostname. If you have only %h then http://cisqueros.blogspot.com/mat.html will redirect you to https://cisqueros.blogspot.com

%p stands for Path

301 redirects are permanent. They mean that the page has moved, and they request any search engine or user agent coming to the page to update the URL in their database. This is the most common type of redirect that people should use.

302 - temporary redirect

You can read about these redirects here.

Step 2 Create the Server Farm that will contain the redirection rserver

serverfarm redirect SRV-REDIRECT-HTTP-APP
  rserver REDIRECT-HTTP-APP
    inservice



Step 3 Create the class-map

class-map match-all VIP-APP-REDIRECT
2 match virtual-address X.X.X.X tcp eq www


Where the X.X.X.X is the Virtual IP


Step 4 Create the policy-map, and correlate it to the previously configured Server Farm

policy-map type loadbalance first-match PM-VIP-APP-REDIRECT
  class class-default 
      serverfarm SRV-REDIRECT-HTTP-APP



Step 5 Apply the configuration to the Layer3-4 existing policy map

policy-map multi-match PM-VIP
  class VIP-APP-REDIRECT
    loadbalance vip inservice
    loadbalance policy PM-VIP-APP-REDIRECT
    loadbalance vip icmp-reply active

6 comments:

  1. Very nice explanation!

    ReplyDelete
  2. thanks - you helped me a lot with this

    ReplyDelete
  3. very good..appreciate this..

    ReplyDelete
  4. If I wanted to redirect to SSL port 8443, how would I do that?

    Thanks!

    ReplyDelete
  5. All the redirections are done the same way, you are basically redirecting to the already existing server farm that has a Virtual IP and a port defined. If that port is 443 - it will redirect it to 443. If the port you defined in the original class-map is 8443 - your redirection will forward the request to 8443.

    Hope this helps :)

    ReplyDelete

Most Popular Posts