Lab goal
Create a new VIP/virt - 10.136.85.13.
The main page should be using HTTP but all the other elements should be using SSL.
The main page should be using HTTP but all the other elements should be using SSL.
Setup
I'll use my Loadbalancer Lab Setup.
The loadbalancer is Radware's Alteon VA version 29.5.1.0
The initial Alteon VA configuration can be found here.
Alteon configuration
We will reuse group 10 which includes all web servers.
So all is left is to create a VIP/virt with services HTTP and HTTPS
Lines 8-10 - Source NAT. Without it traffic from the server will go directly to client without going first through the Alteon.
Now for the AppShape script:
So all is left is to create a VIP/virt with services HTTP and HTTPS
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | /c/slb/virt 86_13 ena ipver v4 vip 10.136.85.13 /c/slb/virt 86_13/service 80 http group 10 rport 80 /c/slb/virt 86_13/service 80 http/pip mode address addr v4 10.136.85.200 /c/slb/virt 86_13/service 443 https group 10 rport 443 /c/slb/virt 86_13/service 443 https/pip mode address addr v4 10.136.85.200 |
Lines 8-10 - Source NAT. Without it traffic from the server will go directly to client without going first through the Alteon.
Now for the AppShape script:
1 2 3 4 5 6 7 8 9 10 11 12 | when HTTP_REQUEST { # exctract the fields from the HTTP headers set url [HTTP::uri] set host [HTTP::host] if {[string equal $url "/"] ==0} { HTTP::redirect "https://$host$url" 301 } } -----END |
- Line 7 checks if the path is not /" and then:
- Line 8 Redirect all requests to the page elements, such as pictures, iFrames and CGI-BIN to HTTPS
- Notice that the redirect was built with the extracted host name and the URL
Next lets import and apply the AppShape++ script:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | /c/slb/appshape/script redirect_to_https ena import text when HTTP_REQUEST { # exctract the fields from the HTTP headers set url [HTTP::uri] set host [HTTP::host] if {[string equal $url "/"] ==0} { HTTP::redirect "https://$host$url" 301 } } -----END /c/slb/virt 86_13/service 80 http/appshape add 10 redirect_to_https |
Test
It looks like a regular HTTP page, but notice the TCP port being used inside the iFrame. Its 443, which is HTTPS.Success!
Summary
This exact setup can be done with crule,but I think that using AppShape++ is much easier to understand, as you see the condition and the action in one place.