[f-nsp] http -> https redirect

Ronald Esveld ronald.esveld at qi.nl
Thu Nov 20 09:03:41 EST 2008 

Sended him the correct one as well :)


Met vriendelijke groet, With kind regards, 

Ronald Esveld
network engineer

Qi ict
Delftechpark 35-37
Postbus 402, 2600 AK Delft

T : +31 15 888 0 444
F : +31 15 888 0 445
E : mailto:ronald.esveld at qi.nl
I : http://www.qi.nl/

Qi ict evenementen:
Qi ict op de http://www.qi.nl/cms/publish/content/showpage.asp?pageid=431

-----Oorspronkelijk bericht-----
Van: Mischa Peters [mailto:foundry at high5.nl] 
Verzonden: donderdag 20 november 2008 14:54
Aan: Ronald Esveld
CC: Anil; foundry-nsp at puck.nether.net
Onderwerp: Re: [f-nsp] http -> https redirect

That won't work.
What happens in this case is that the server will receive an HTTPS  
request on port 80. They wouldn't know what to do with it.

You need something like:

csw-policy "p1"
  default redirect "*" "*" ssl
!
server real www1 192.168.0.2
  port http
  port http url "GET /hc.php"
  port ssl
!
server real www2 192.168.0.3
  port http
  port http url "GET /hc.php"
  port ssl
!
server virtual www 192.168.0.80
  port http
  port http csw-policy "p1"
  port http csw
  port ssl sticky
  bind http www1 http www2 http
  bind ssl www1 ssl www2 ssl
!

Mischa

> server real bla 1.2.3.4
> port http
> port http keepalive
> port 180
> !
> server real bla2 1.2.3.5
> port http
> port http keepalive
> port 180
>
> server virtual blaat 1.2.3.6
> port default disable
> port ssl sticky
> port http sticky
> bind ssl bla http bla2 http
> bind http bla 180 real-port http bla2 180 real-port http
>
> That should do it
> ROnald
>
>
> Met vriendelijke groet, With kind regards,
>
> Ronald Esveld
> network engineer
>
> Qi ict
> Delftechpark 35-37
> Postbus 402, 2600 AK Delft
>
> T : +31 15 888 0 444
> F : +31 15 888 0 445
> E : mailto:ronald.esveld at qi.nl
> I : http://www.qi.nl/
>
> Qi ict evenementen:
> Qi ict op de
http://www.qi.nl/cms/publish/content/showpage.asp?pageid=431
>
> -----Oorspronkelijk bericht-----
> Van: foundry-nsp-bounces at puck.nether.net
> [mailto:foundry-nsp-bounces at puck.nether.net] Namens Anil
> Verzonden: woensdag 19 november 2008 16:46
> Aan: foundry-nsp at puck.nether.net
> Onderwerp: [f-nsp] http -> https redirect
>
> Sorry, for the newbie question. I am not a network engineer, just
> supporting something someone else maintains...
>
>  SW: Version 09.5.02kTD2 Copyright (c) 1996-2003 Foundry Networks,  
> Inc.
>      Compiled on Apr 22 2008 at 17:14:32 labeled as WXM09502k
>      (4107327 bytes) from Primary WXM09502k.bin
>  HW: ServerIronGT C-Series Switch, SYSIF version 21, Serial #:
> Non-exist
>
>
> Is it possible to setup a HTTP -> HTTPS redirect on the LB? I have a
> virtual server set as this:
>
>
> Virtual server: host1              Status: enabled  IP: 2.3.4.5
>        http -------> fe-sf1-01: 1.2.3.4,  http (Active)
>                      fe-sf1-02: 1.2.3.5,  http (Active)
>         ssl -------> fe-sf1-01: 1.2.3.4,  ssl (Active)
>                      fe-sf1-02: 1.2.3.5,  ssl (Active)
>
> Thanks,
> Anil
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp

More information about the foundry-nsp mailing list