[f-nsp] http -> https redirect

Anil replicase at gmail.com
Thu Nov 20 12:15:45 EST 2008


You guys are confusing me. :) Everyone gave me different answers.

How exactly should the virtual server definition be set up?


bind http fe-sf1-02 http
bind ssl fe-sf1-02 ssl

or
bind http RS1 180   (using "shadow ports", someone recommended)
bind ssl RS1 http

or
bind ssl bla http bla2 http
bind http bla 180 real-port http bla2 180 real-port http   (what will
the real-port do?)


What does the "sticky" option do?
Also, in this context what does the port http url "GET /" do? Does it
match clients doing a GET / on their browser on port 80? If they go to,
say, http://host/something/else, it won't match?


This is what I have now. Thanks!

!
server real fe-sf1-01 1.2.3.4
 source-nat access-list 84
 port http
 port http keepalive
 port http url "GET /"
 port http l4-check-only
 port 81
 port 81 no-health-check
 port 81 keepalive
 port 81 l4-check-only
 port ssl
!
server real fe-sf1-02 1.2.3.5
 source-nat access-list 84
 port http
 port http keepalive
 port http url "GET /"
 port 81
 port 81 no-health-check
 port 81 keepalive
 port 81 l4-check-only
 port ssl
!
!
server virtual sfaccess-amer 1.2.3.6
 port http
 port http csw-policy "ssl-convergence"
 port http csw
 port ssl sticky
 bind http fe-sf1-02 http
 bind ssl fe-sf1-02 ssl
!

On Thu, Nov 20, 2008 at 6:03 AM, Ronald Esveld <ronald.esveld at qi.nl> wrote:
> Sent him the correct one as well :)
>
>
> With kind regards,
>
> Ronald Esveld
> network engineer
>
> Qi ict
> Delftechpark 35-37
> Postbus 402, 2600 AK Delft
>
> T : +31 15 888 0 444
> F : +31 15 888 0 445
> E : mailto:ronald.esveld at qi.nl
> I : http://www.qi.nl/
>
>
> -----Original message-----
> From: Mischa Peters [mailto:foundry at high5.nl]
> Sent: Thursday, 20 November 2008 14:54
> To: Ronald Esveld
> CC: Anil; foundry-nsp at puck.nether.net
> Subject: Re: [f-nsp] http -> https redirect
>
> That won't work.
> What happens in this case is that the server will receive an HTTPS
> request on port 80. They wouldn't know what to do with it.
>
> You need something like:
>
> csw-policy "p1"
>  default redirect "*" "*" ssl
> !
> server real www1 192.168.0.2
>  port http
>  port http url "GET /hc.php"
>  port ssl
> !
> server real www2 192.168.0.3
>  port http
>  port http url "GET /hc.php"
>  port ssl
> !
> server virtual www 192.168.0.80
>  port http
>  port http csw-policy "p1"
>  port http csw
>  port ssl sticky
>  bind http www1 http www2 http
>  bind ssl www1 ssl www2 ssl
> !
>
> Mischa
>
>> server real bla 1.2.3.4
>> port http
>> port http keepalive
>> port 180
>> !
>> server real bla2 1.2.3.5
>> port http
>> port http keepalive
>> port 180
>>
>> server virtual blaat 1.2.3.6
>> port default disable
>> port ssl sticky
>> port http sticky
>> bind ssl bla http bla2 http
>> bind http bla 180 real-port http bla2 180 real-port http
>>
>> That should do it
>> Ronald
>>
>> -----Original message-----
>> From: foundry-nsp-bounces at puck.nether.net
>> [mailto:foundry-nsp-bounces at puck.nether.net] On behalf of Anil
>> Sent: Wednesday, 19 November 2008 16:46
>> To: foundry-nsp at puck.nether.net
>> Subject: [f-nsp] http -> https redirect
>>
>> Sorry for the newbie question. I am not a network engineer, just
>> supporting something someone else maintains...
>>
>>  SW: Version 09.5.02kTD2 Copyright (c) 1996-2003 Foundry Networks,
>> Inc.
>>      Compiled on Apr 22 2008 at 17:14:32 labeled as WXM09502k
>>      (4107327 bytes) from Primary WXM09502k.bin
>>  HW: ServerIronGT C-Series Switch, SYSIF version 21, Serial #:
>> Non-exist
>>
>>
>> Is it possible to set up an HTTP -> HTTPS redirect on the LB? I have a
>> virtual server set as this:
>>
>>
>> Virtual server: host1              Status: enabled  IP: 2.3.4.5
>>        http -------> fe-sf1-01: 1.2.3.4,  http (Active)
>>                      fe-sf1-02: 1.2.3.5,  http (Active)
>>         ssl -------> fe-sf1-01: 1.2.3.4,  ssl (Active)
>>                      fe-sf1-02: 1.2.3.5,  ssl (Active)
>>
>> Thanks,
>> Anil
>> _______________________________________________
>> foundry-nsp mailing list
>> foundry-nsp at puck.nether.net
>> http://puck.nether.net/mailman/listinfo/foundry-nsp
>
>
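
Whichever redirect policy ends up bound to the virtual server, it can be verified from the client side, including for paths other than `/` such as the `http://host/something/else` case asked about above. The following is an added example, not part of the original thread or of any Foundry tooling: `check_redirect` and `probe` are names made up here, and the host names used with them are constructed.

```python
"""Added example: check that a port-80 answer is a safe HTTP -> HTTPS redirect."""
import http.client
from urllib.parse import urljoin, urlsplit

# check_redirect/probe are this example's own names, not from the thread.
REDIRECT_CODES = {301, 302, 303, 307, 308}


def check_redirect(request_url, status, location):
    """Return a list of problems; an empty list means the redirect is acceptable."""
    if status not in REDIRECT_CODES:
        return [f"status {status} is not a redirect"]
    if not location:
        return ["redirect has no Location header"]
    problems = []
    req = urlsplit(request_url)
    # A relative Location is resolved against the request URL, as a browser would.
    dst = urlsplit(urljoin(request_url, location))
    if dst.scheme != "https":
        problems.append(f"target scheme is {dst.scheme!r}, not 'https'")
    if dst.hostname != req.hostname:
        # A redirect to another host should be deliberate, never accidental.
        problems.append(f"host changed: {req.hostname} -> {dst.hostname}")
    if dst.port not in (None, 443):
        problems.append(f"unexpected target port {dst.port}")
    if (dst.path or "/") != (req.path or "/") or dst.query != req.query:
        problems.append("path or query string was not preserved")
    return problems


def probe(host, path="/", port=80, timeout=5):
    """Send one plain-HTTP GET without following redirects and check the answer."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return check_redirect(f"http://{host}{path}", resp.status,
                              resp.getheader("Location"))
    finally:
        conn.close()
```

`probe()` needs network access to the virtual server's address; `check_redirect()` works on any captured status and Location pair.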
