Mohamed Iqbal Syed Abitheen Posted September 15 Posted September 15 Currently the application is working with HTTP and user installed SSL certs in the backend Servers and want to redirect the URL to HTTPS request. so how to configure the rewrite or Responder actions which should I use also should I change the service group to Port 443 that is currently 80. for the frontend URLs it is HTTP only. we are not installing the SSL certs in the NetScaler. URLs working with HTTP now: mis-az-test-admin.hm.com mis-az-test.hm.com mis1-az-test.hm.com
Michael Adam Posted September 15 Posted September 15 Hello @Mohamed Iqbal Syed Abitheen if you don`t want to install a SSL Cert for the vServer you can use vServer with type SSL_Bridge on Port 443. If you need a more effective/intelligence Loadbalancing you can install a SSL-Cert and use a vSever with type SSL on Port 443. I think you use 3 Loadbalancer for your 3 sites. Then you need also 3 Loadbalancer on Port 443. If you use a SSL-Cert on the NetScaler you can also use 1 Content-Switch instead of using 3 IP-Adresses. When you create you Loadbalancer there is direct a option for redirecting traffic! You can find it in your vServer: Edit Basic Settings, click More, and add values for Redirect From Port and HTTPS Redirect URL. If you use this you don`t need your Port 80 Loadbalancer! If you want to use a responder instead, then create you action: Create a responder action Appexpert > Responder > Action > Add. The parameters are like this “https:\\” +HTTP.REQ.HOSTNAME.HTTP_URL_SAFE+HTTP.REQ.URL.PATH_AND_QUERY.HTTP_URL_SAFE Then you need a policy like that: Then you can bind this policy to your Port 80 vServer. Regards, Michael
Jonnathan Rojas Murillo Posted September 16 Posted September 16 (edited) @Mohamed Iqbal Syed Abitheen This is one of those corner cases cause this sounds like the opposite from SSL offload, but from a theorical point of view you don't need to do any rewrites or change much in the Netscaler Since you want to keep the vserver on HTTP and the services will be SSL you can simply create the services on SSL and bind it to your existing HTTP vserver, there is no restriction on the Netscaler that doesn't allow you to do this and the whole SSL portion would be transparent to your users, only the communication between the Netscaler and the backend servers would be encrypted. Now if you want to make the whole communication over SSL then you would use the SSL_BRIDGE option mentioned above, where the Netscaler won't be doing any decryption/encryption....this sounds like a better option in general but this will depend on your specific technical/business requirements Edited September 16 by Jonnathan Rojas Murillo
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now