Jump to content

Recommended Posts

Posted

Currently the application is working with HTTP  and user  installed SSL certs in the backend Servers and want to redirect the URL to HTTPS  request.

so how to configure the rewrite or Responder actions which should I use also  should I change the service group to Port 443  that is currently 80.  for the frontend URLs it is HTTP only.  we are not installing the SSL certs in the NetScaler.  

URLs  working with HTTP  now:

mis-az-test-admin.hm.com
mis-az-test.hm.com
mis1-az-test.hm.com

 

 

Posted

Hello @Mohamed Iqbal Syed Abitheen

 

if you don`t want to install a SSL Cert for the vServer you can use vServer with type SSL_Bridge on Port 443.  If you need a more effective/intelligence Loadbalancing you can install a SSL-Cert and use a vSever with type SSL on Port 443. I think you use 3 Loadbalancer for your 3 sites. Then you need also 3 Loadbalancer on Port 443. If you use a SSL-Cert on the NetScaler you can also use 1 Content-Switch instead of using 3 IP-Adresses.

 

When you create you Loadbalancer there is direct a option for redirecting traffic! You can find it in your vServer: Edit Basic Settings, click More, and add values for Redirect From Port and HTTPS Redirect URL. If you use this you don`t need your Port 80 Loadbalancer!

image.thumb.png.f3e54c157e745e84003f72ba7c6482df.png

 

If you want to use a responder instead, then create you action: 

Create a responder action Appexpert > Responder > Action > Add. The parameters are like this
“https:\\” +HTTP.REQ.HOSTNAME.HTTP_URL_SAFE+HTTP.REQ.URL.PATH_AND_QUERY.HTTP_URL_SAFE
image.thumb.png.18cc47cae31a575a46f76e5fe6ab732c.png

Then you need a policy like that:
image.thumb.png.d347985494ad63bec443c90661c49ae6.png

Then you can bind this policy to your Port 80 vServer.

 

Regards,
Michael 

Posted (edited)

@Mohamed Iqbal Syed Abitheen

This is one of those corner cases cause this sounds like the opposite from SSL offload, but from a theorical point of view you don't need to do any rewrites or change much in the Netscaler

 

Since you want to keep the vserver on HTTP and the services will be SSL you can simply create the services on SSL and bind it to your existing HTTP vserver, there is no restriction on the Netscaler that doesn't allow you to do this and the whole SSL portion would be transparent to your users, only the communication between the Netscaler and the backend servers would be encrypted.

 

Now if you want to make the whole communication over SSL then you would use the SSL_BRIDGE option mentioned above, where the Netscaler won't be doing any decryption/encryption....this sounds like a better option in general but this will depend on your specific technical/business requirements

Edited by Jonnathan Rojas Murillo

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...