From: Michael Ferraro (mikeIZZATmyvest.com)
Date: Fri Jul 09 2004 - 17:48:55 EDT


Hi,

I have a pool of HTTP servers supplying the HTTP version of our site.
Those HTTP servers serve up a default index page that contains this:

--
<html>
 
<head>
<meta http-equiv="refresh" content="0;URL=https://whatever.blah.com">
</head>
 
</html>
--

Then, I've configured those HTTP servers to serve up that same page for 404 errors. The result: whenever anybody visits http://whatever.blah.com, their browser is instructed to immediately visit https://whatever.blah.com.

I hope that's helpful!

Regards, Mike

On Fri, 2004-07-09 at 12:34, Fletcher Cocquyt wrote: > Fellow lb’ers, > > > > We have a webapp (/secureapp/) that we only want to make available > through https SSL. > > Users trying to access http://site/secureapp/ should be redirected to > https://site/secureapp/ > > > > Given that: > > 1) https://site is a BigIP SSL proxied site > > 2) Apache web servers in the pool only see port 80 coming from > the BigIP (good thing – that means the SSL is offloaded on the BigIP > HW) > > 3) Some apps (/nonsecureapp/) do not require SSL redirect > > > > How do I best configure this redirect? > > > > I have seen various options: > > > > 1) Rewrite rules like the one below do not work because the > server port is 80 regardless > > a. RewriteCond %{SERVER_PORT} !^443$ > > b. RewriteRule ^/secret(.*)$ https://www.domain.com/secret$1 > [L,R] > > 2) BigIP Rules do not seem to work – I get a loop in my testing: > > a. if (http_uri matches_regex "/secureapp/" and client_port == > 80) { > > b. redirect to "https://%h/%u" > > c. } > > 3) Setting a Header value in the BigIP Proxy to trigger a > re-write rule seems like it should work, but complicated. > > 4) Having the BigIP SSL Proxy point to a new Apache webserver > pool listening on port 81 (something other than 80) and have the port > 80 accesses to /secureapp/ redirect to https://site/secureapp/ > > > > > > I am thinking of doing option 4 – but thought I’d ask what others > found works best. > > > > Thanks, > > > > Fletcher Cocquyt > > Senior Systems Administrator > > fcocquytIZZATstanford.edu > > -- Michael Ferraro Systems Administrator MyVest Corporation 415-249-6114 desk 650-387-1576 cell

____________________ The Load Balancing Mailing List Unsubscribe: mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l Archive: http://vegan.net/lb/archive LBDigest: http://lbdigest.com MRTG with SLB: http://vegan.net/MRTG Hosted by: http://www.tokkisystems.com



This archive was generated by hypermail 2.1.4 : Tue Jul 13 2004 - 03:42:48 EDT