
HTTP to HTTPS redirection with SSL_Bridge



Greetings Everyone!!

 

I have to configure HTTP to HTTPS redirection for one of the new VIP configurations.

I have to configure SSL_Bridge for HTTPS traffic, not SSL.

Backend server port is 8200.

My NetScaler is on 12.0, and for the SSL VIP I have an option available for redirection, but not for SSL_Bridge.

Please suggest how to configure.


You can still do HTTP to HTTPS redirection if your vserver is SSL_BRIDGE; you will just need to create a separate lb_vsrv_appA_sendtossl on HTTP:80 or HTTP:8200 (if users will be using that port) and use either the redirect URL (protection method) on the HTTP vserver OR a responder policy to redirect to SSL.

 

Example 1: using backup redirect url on a DOWN HTTP:80 vserver:

add lb vserver lb_vsrv_appA_sendtossl HTTP <VIP1> 80 -redirectURL https://<fqdn>

# same VIP as your SSL vserver uses; for the redirect URL, no trailing "/", as whatever path/query is attached to the original request will be redirected to the new destination.

# no services bound, as this will be in a down state

 

Example 2: using a responder policy (and an UP vserver, with a dummy service for port 80 traffic). Might be some CLI syntax issues... but close enough.

add service svc_temp 1.2.3.4 HTTP 80 -healthMonitor NO   # dummy service; monitoring off so it stays UP

add lb vserver lb_vsrv_appA_sendtossl HTTP <VIP1> 80

bind lb vserver lb_vsrv_appA_sendtossl svc_temp   # the dummy service keeps the vserver UP

add responder action rs_act_sendtossl redirect '"https://" + http.req.header("host") + http.req.url.path_and_query' -responseStatusCode 301

add responder policy rs_pol_sendtossl '!client.ssl.is_ssl && http.req.header("host").set_text_mode(ignorecase).eq("<fqdn>")' rs_act_sendtossl   # other expressions can be used

bind lb vserver lb_vsrv_appA_sendtossl -policyName rs_pol_sendtossl -priority 100

 

The real decision is whether you in fact need SSL_BRIDGE or SSL (with SSL termination on the ADC).  But the send to ssl method can be used for either scenario.

On the ADC, SSL_BRIDGE for vserver/services means the NetScaler does not do SSL termination; no cert required.

SSL for services/vservers means the traffic is HTTPS-based (web and encrypted) AND the ADC will do SSL termination (needs a cert, will do decryption, and can do frontend SSL to backend HTTP OR frontend SSL (process and apply other features to traffic) and then re-encrypt to do backend SSL). The ADC will use SSL or TLS protocols. So I think you were just confused that SSL vserver means HTTPS content.
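
A way to confirm that either redirect vserver behaves as intended, added here as an example and not part of the original thread: the function checks response headers captured with curl for a redirect status, an https:// Location on the expected FQDN, and a preserved path and query. The host app.example.com, the path and the sample response are constructed.

```shell
#!/bin/sh
# Added example: FQDN, path and the sample response below are constructed.

# check_redirect <expected_fqdn> <requested_path_and_query>
# Reads raw response headers on stdin, e.g.:
#   curl -sI "http://$fqdn$path" | check_redirect "$fqdn" "$path"
# Exit codes: 0 ok, 1 not a redirect, 2 wrong scheme/host, 3 path or query lost.
check_redirect() (
  fqdn=$1
  path=$2
  resp=$(tr -d '\r')                      # normalise CRLF line endings
  status=$(printf '%s\n' "$resp" | awk 'NR == 1 { print $2; exit }')
  location=$(printf '%s\n' "$resp" | awk '
    NR > 1 && /^$/ { exit }               # blank line ends the header block
    NR > 1 && tolower($0) ~ /^location:/ {
      sub(/^[^:]*:[ \t]*/, "")            # drop the header name and padding
      print
      exit
    }')
  case $status in
    301|302) ;;
    *) echo "FAIL: status '$status' is not a redirect" >&2; exit 1 ;;
  esac
  case $location in
    "https://$fqdn"|"https://$fqdn"/*) ;;
    *) echo "FAIL: Location '$location' is not https://$fqdn" >&2; exit 2 ;;
  esac
  if [ "$location" != "https://$fqdn$path" ]; then
    echo "FAIL: expected https://$fqdn$path, got '$location'" >&2
    exit 3
  fi
  echo "OK: $status -> $location"
)

# Constructed response, shaped like what Example 2 should return.
sample_response() {
  printf '%s\r\n' \
    'HTTP/1.1 301 Moved Permanently' \
    'Location: https://app.example.com/login?next=%2Fhome' \
    'Connection: close' \
    ''
}

sample_response | check_redirect app.example.com '/login?next=%2Fhome'
```

Exit code 2 is the one to watch when the responder expression is loosened, since the action builds the Location from the request's Host header.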
