Lab goal
Create a new VIP/virt - 10.136.85.13.
The main page should be using HTTP but all the other elements should be using SSL.
The main page should be using HTTP but all the other elements should be using SSL.
Setup
I'll use my Loadbalancer Lab Setup.
The loadbalancer is Radware's Alteon VA version 29.5.1.0
The initial Alteon VA configuration can be found here.
Alteon configuration
We will reuse group 10 which includes all web servers.
So all is left is to create a VIP/virt with services HTTP and HTTPS
Lines 8-10 - Source NAT. Without it traffic from the server will go directly to client without going first through the Alteon.
Now for the AppShape script:
So all is left is to create a VIP/virt with services HTTP and HTTPS
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | /c/slb/virt 86_13
ena
ipver v4
vip 10.136.85.13
/c/slb/virt 86_13/service 80 http
group 10
rport 80
/c/slb/virt 86_13/service 80 http/pip
mode address
addr v4 10.136.85.200
/c/slb/virt 86_13/service 443 https
group 10
rport 443
/c/slb/virt 86_13/service 443 https/pip
mode address
addr v4 10.136.85.200
|
Lines 8-10 - Source NAT. Without it traffic from the server will go directly to client without going first through the Alteon.
Now for the AppShape script:
1 2 3 4 5 6 7 8 9 10 11 12 | when HTTP_REQUEST { # exctract the fields from the HTTP headers set url [HTTP::uri] set host [HTTP::host] if {[string equal $url "/"] ==0} { HTTP::redirect "https://$host$url" 301 } } -----END |
- Line 7 checks if the path is not /" and then:
- Line 8 Redirect all requests to the page elements, such as pictures, iFrames and CGI-BIN to HTTPS
- Notice that the redirect was built with the extracted host name and the URL
Next lets import and apply the AppShape++ script:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | /c/slb/appshape/script redirect_to_https
ena
import text
when HTTP_REQUEST {
# exctract the fields from the HTTP headers
set url [HTTP::uri]
set host [HTTP::host]
if {[string equal $url "/"] ==0} {
HTTP::redirect "https://$host$url" 301
}
}
-----END
/c/slb/virt 86_13/service 80 http/appshape
add 10 redirect_to_https
|
Test
Success!
Summary
This exact setup can be done with crule,but I think that using AppShape++ is much easier to understand, as you see the condition and the action in one place.
