Jump to content
Welcome to our new Citrix community!

Hosting different websites with same server and vserver


Recommended Posts

Hi All, 

 

I want to achieve the following scenario:

 

--> If I try to hit www.example.com, it should show a content page(informational) for end user with https redirection (https://www.example.com)

--> And If I intentionally type https://www.example.com, it should redirect user to another website i.e. https://www.example.com/wealthspectrum/app/login (which is a login page, NOT informational)

 

As of now, We are having two CS Vservers (HTTP and HTTPS each), and using only single server as a backend server(target LB vs)

http://www.example.com is hosted on 10.1.2.3 port 80

And https://www.example.com/wealthspectrum/app/login is hosted on 10.1.2.3 port 8081.

 

I played with responder policy, but could not get success

 

Can someone please help me here?

 

 

Link to comment
Share on other sites

Do you need any content going to http://www.example.com/<stuff> or all requests to http:// redirecting to https?  (I'm going with the latter, but a change in requirements would change the results.)

 

#1a - send to ssl, this can be done a lot of ways, but this example redirects any request to http://www.example.com/<anything> to https://www.example.com/<anything>, preserving any path/query parameters specified.

 

add rs_act_sendtossl redirect '"https://www.example.com" + http.req.url.path_and_query.http_url_safe'

add rs_pol_sendtossl true rs_act_sendtossl

#  -- bind policy to HTTP vserver only

bind cs vserver cs_vsrv_example_http -policyName rs_pol_sendtossl -priority 100

 

#1b - alternate, where only the exact request to http://www.example.com/ is redirected (and not path/query is included in the trigger or the destination.).  Again, this can be tweaked to meet your requirements:  Or replace the action with the informational link you are supposed to see instead of "/".

add rs_act_sendtossl2 redirect '"https://www.example.com/"'

add rs_pol_sendtossl2 'http.req.url.path.eq("/")' rs_act_sendtossl2

#  -- bind policy to HTTP vserver only

bind cs vserver cs_vsrv_example_http -policyName rs_pol_sendtossl2 -priority 100

### However, if variant #1b is used on the http vserver, when it redirects to https, then #2  below will kick in as well.

 

#2 - Redirect "/" to a specific page; only triggers when path is exactly is "/"

add rs_act_sendtologin redirect '"https://www.example.com/wealthspectrum/app/login"'

add rs_pol_sendtologin http.req.url.path.eq("/") rs_act_sendtologin

# -- bind this policy to the SSL vserver only

bind cs vserver cs_vsrv_example_ssl -policyName rs_pol_sendtologin -priority 100

 

IF you clarify your scenario, we can fix the policies for your exact needs, but this may help you close the gap.

 

 

 

 

Link to comment
Share on other sites

Hi Rowland,

 

Thanks for explaining the scenarios.

But in my setup, We are having two Content Switching Virtual Servers (HTTP and HTTPS):

Where we have 3 target LB Virtual Servers(non-addressable)-

 1. Service: 10.1.2.3 port 80 bind to target LB VS1 0.0.0.0:80 (using CS HTTP VS)

 2. Service: 10.1.2.3 port 80 bind to target LB VS2 0.0.0.0:443 (using HTTPS VS)

 3. Service: 10.1.2.3 port 8081 bind to target LB VS3 0.0.0.0:443 (using HTTPS VS)

 

Now we want redirection as below:

1. If someone types http://www.example.com, it should redirect to https://www.example.com (which is a content page and this is hosted on 10.1.2.3:80)

2. If someone types https://www.example.com, it should redirect to https://www.example.com/wealthspectrum/app/login (which is a login portal and this page is hosted on 10.1.2.3:8081)

 

Hope, I am now better to explain than earlier

Link to comment
Share on other sites

Okay, so we need to clarify some terms:

REDIRECT implies the user makes a request (1), it is received by vserver and then a REDIRECT response (2) is provided back to client with directions of where to go next, and then client makes a new REQUEST (3) to new destination. This is not transparent to the user they see the new location and initiate a new connection.

===========

Your description of your config is unclear as you don't have your CS vserver details listed; just your lb vserver details.

 

 

So for you scenarios:

Scenario 1:  Send http://www.example.com is really a request to http://www.example.com/ (not other path details specified).  Which means it will redirect https://www.example.com/.  Despite the fact that you want this going to your port 80 service behind the lb vserver, the frontend is going to your HTTPS vserver so it will be caught by scenario 2.

 

In this case, once you do the redirect to https:// for scenario 1, you will not see the HTTP:80 backend info page as you are now on a different vserver and this is not going to do what you describe.

--

 

If you need to do a different "info page" for http://www.example.com --> https://www.example.com vs a request going to https://www.example.com/ going to https://www.example.com/wealthspectrum/app/login

You either have to change the FQDN of the http vserver or the https vserver to treat these as two separate requests or we would have to filter based on referer headers (maybe), but the reality is with the example as you've described it scenario 1 redirects to https:// and then policy 2 kicks in as well.

 

You have to have some way to distinguish scenario 1 from scenario 2 post https redirect.

 

The backend ports don't matter yet in this case, as that is handled by load balancing, but you don't have a way to separate your two scenarios as currently described.  Even with content switching you have overlapping criteria for your scenarios as they are both triggering off of the same fqdn and the same path equals "/".

 

 

 

 

 

 

 

 

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...