Jump to content
Welcome to our new Citrix community!

Elaboration How to redirect https to https - responder


Recommended Posts

Following the URL https://discussions.citrix.com/topic/397836-how-to-redirect-https-to-https/ - I was able to add a responder policy and action. However the re-direct is not working. 

 

My question is - what attributes need to be in the VIP for this responder policy/action to work?

 

Should it be type SSL? That's what I have.

Does it need to be in an UP state? As this VIP is just for the redirect I have no services associated with it so it's down. 

Do I need the certificate for the domain of the original URL bound to the VIP for this to work? I do not. Perhaps this is the culprit. 

 

Please let me know any other attributes of the VIP that will allow an https to https redirect via 302 sent back to the client. 

 

Thank you.

 

 

"

There are two ways to handle this. One is to use a Responder to simply redirect the user to https://lalapalooza.us-west-1amazonaws.com/us..., and this URL will be the one visible in the user's browser. The second method is to use Rewrite/Transform so in the user's browser it says https://test123.foo.com/us.. while the backend server receives HTTP GET Requests for the url https://lalapalooza.us-west-1.amazonaws.com/us... This second way is useful if you want to hide certain URLs/paths from users, or if the backend server is expecting traffic on a specific hostname (lalapalooza.us-west1-amazonaws.com). I mention this since I don't know what the goal is in your scenario.

 

Below is a Responder policy bound to an LB vServer.

 

add responder action REA-LALAPALOOZA-AWS-REDIRECT redirect "\"https://lalapalooza.us-west-1.amazonaws.com\" + HTTP.REQ.URL.PATH_AND_QUERY" -responseStatusCode 302 add responder policy REP-LALAPALOOZA-AWS-REDIRECT "HTTP.REQ.HOSTNAME.SERVER.SET_TEXT_MODE(IGNORECASE).EQ(\"test123.foo.com\")" REA-LALAPALOOZA-AWS-REDIRECT bind lb vserver LB-SOMESYSTEM -policyName REP-LALAPALOOZA-AWS-REDIRECT -priority 100 -gotoPriorityExpression END -type REQUEST"

Link to comment
Share on other sites

I usually create a cs-vserver, type HTTP, port 80 (this is not common practide, I know, but has the advantage of a server that is always up.

 

I create a responder policy and a responder action and bind the responder policy to this vServer. replace <ip> with the IP of your desire, usually the IP of the SSL vserver

 

add cs vserver sc_vs_SSL_Redirect_80 HTTP <ip> 80

add responder action res_act_send2ssl redirect "\"https://\"+HTTP.REQ.HOSTNAME+HTTP.REQ.URL.HTTP_URL_SAFE" -responseStatusCode 301

add responder policy res_pol_send2ssl true res_act_send2ssl

bind cs vserver sc_vs_SSL_Redirect_80 -policyName res_pol_send2ssl -priority 100 -gotoPriorityExpression END -type REQUEST

 

greetings

 

Johannes Norz

CTA, CCI, CCE-N

  • Like 1
Link to comment
Share on other sites

1 hour ago, Michael Medwid1709157745 said:

Hi Jonannes. In your example where would I specify the original and redirected URL?

 

Original:

https://test123.foo.com/us-east-1_0QURUQ/.known/jwks.json

 

301 redirect to:

https://lalapalooza.us-west-1.amazonaws.com/us-east-1_0QUR

 

My example will redirect http://server/url to https://server/url, so the same server, the same url.

 

If you want to redirect to a specivic server/URL the policy action would look like that:

add responder action res_act_send2ssl redirect "\"https://server/url\"" -responseStatusCode 301

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...