07-2004 lb-l: Re: [load balancing] redirecting http to https for secure webapps

From: Michael Ferraro (mikeIZZATmyvest.com)
Date: Fri Jul 09 2004 - 17:48:55 EDT

Next message: Cordes, Robert: "Re: [load balancing] redirecting http to https for secure webapps"
Previous message: Winter, R. Stephen: "RE: [load balancing] redirecting http to https for secure webapps"
In reply to: Fletcher Cocquyt: "[load balancing] redirecting http to https for secure webapps"
Next in thread: Cordes, Robert: "Re: [load balancing] redirecting http to https for secure webapps"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

I have a pool of HTTP servers supplying the HTTP version of our site.
Those HTTP servers serve up a default index page that contains this:

--
<html>
 
<head>
<meta http-equiv="refresh" content="0;URL=https://whatever.blah.com">
</head>
 
</html>
--
Then, I've configured those HTTP servers to serve up that same page for
404 errors.  The result:  whenever anybody visits
http://whatever.blah.com, their browser is instructed to immediately
visit https://whatever.blah.com.
I hope that's helpful!
Regards,
Mike
On Fri, 2004-07-09 at 12:34, Fletcher Cocquyt wrote:
> Fellow lb’ers,
> 
>  
> 
> We have a webapp (/secureapp/) that we only want to make available
> through https SSL.
> 
> Users trying to access http://site/secureapp/ should be redirected to
> https://site/secureapp/
> 
>  
> 
> Given that:
> 
> 1)       https://site is a BigIP SSL proxied site
> 
> 2)       Apache web servers in the pool only see port 80 coming from
> the BigIP (good thing – that means the SSL is offloaded on the BigIP
> HW)
> 
> 3)       Some apps (/nonsecureapp/) do not require SSL redirect
> 
>  
> 
> How do I best configure this redirect?
> 
>  
> 
> I have seen various options:
> 
>  
> 
> 1)       Rewrite rules like the one below do not work because the
> server port is 80 regardless
> 
> a.       RewriteCond  %{SERVER_PORT}  !^443$
> 
> b.       RewriteRule ^/secret(.*)$ https://www.domain.com/secret$1
> [L,R]
> 
> 2)       BigIP Rules do not seem to work – I get a loop in my testing:
> 
> a.       if (http_uri matches_regex "/secureapp/" and client_port ==
> 80) {
> 
> b.          redirect to "https://%h/%u"
> 
> c.       }
> 
> 3)       Setting a Header value in the BigIP Proxy to trigger a
> re-write rule seems like it should work, but complicated.
> 
> 4)       Having the BigIP SSL Proxy point to a new Apache webserver
> pool listening on port 81 (something other than 80) and have the port
> 80 accesses to /secureapp/ redirect to https://site/secureapp/
> 
>  
> 
>  
> 
> I am thinking of doing option 4 – but thought I’d ask what others
> found works best.
> 
>  
> 
> Thanks, 
> 
>  
> 
> Fletcher Cocquyt
> 
> Senior Systems Administrator
> 
> fcocquytIZZATstanford.edu
> 
>  
-- 
Michael Ferraro
Systems Administrator
MyVest Corporation
415-249-6114 desk
650-387-1576 cell
____________________
The Load Balancing Mailing List
Unsubscribe:    mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l
Archive:        http://vegan.net/lb/archive
LBDigest:       http://lbdigest.com
MRTG with SLB:  http://vegan.net/MRTG
Hosted by:	http://www.tokkisystems.com

Next message: Cordes, Robert: "Re: [load balancing] redirecting http to https for secure webapps"
Previous message: Winter, R. Stephen: "RE: [load balancing] redirecting http to https for secure webapps"
In reply to: Fletcher Cocquyt: "[load balancing] redirecting http to https for secure webapps"
Next in thread: Cordes, Robert: "Re: [load balancing] redirecting http to https for secure webapps"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jul 13 2004 - 03:42:48 EDT