Jump to content


Photo

Global redirect http to https

Started by Ihar Harbuz , 12 April 2017 - 09:48 AM
6 replies to this topic

Ihar Harbuz Members

Ihar Harbuz
  • 6 posts

Posted 12 April 2017 - 09:48 AM

Hi ALL,

 

I want to create redirect for all HTTP traffic to HTTPS.

 

I have created:

add responder action a-resp-http-https redirect "\"https://\"+HTTP.REQ.HEADER(\"Host\").HTTP_HEADER_SAFE+HTTP.REQ.URL.PATH_AND_QUERY.HTTP_URL_SAFE" -responseStatusCode 302

add responder policy p-resp-http-https "HTTP.REQ.URL.PROTOCOL.EQ(\"http\")" a-resp-http-https

 

bind responder global p-resp-http-https 100 -type OVERRIDE

 

But responder policy don't work.

If I rewrite RP as:

 

add responder policy p-resp-http-https HTTP.REQ.IS_VALID a-resp-http-https

 

then redirect work good, but all other traffic didn't fall into the LB vservers.

 

How can I correctly check HTTP protocol in responder policy?

 

NS11.1: Build 52.13.nc

 



Shalu Verma Citrix Employees

Shalu Verma
  • 36 posts

Posted 12 April 2017 - 12:29 PM

Hi Lhar,

 

http://discussions.citrix.com/topic/373018-simple-http-to-https-redirect/#entry1905429. Please look at this link once it might help you.

 

 

If already have a look please ignore it.



Ihar Harbuz Members

Ihar Harbuz
  • 6 posts

Posted 12 April 2017 - 12:49 PM

Hi,

thank You for answer,

But I already read this article.

For redirect on LBVS all work good.

 

But I want to redirect all HTTP requests (not only on 80 port) and for it I think to select and verify url's protocol.



Paul Blitz Members

Paul Blitz
  • 3,915 posts

Posted 12 April 2017 - 02:20 PM

Normally, when you create a vserver, it is only on a single port (for example, HTTP defaults to port 80). If a user tries to connect HTTP to any other port, by default, Netscaler won't be listening for it.

 

To listen on ALL ports, you can specify the port as * - then you just need the single redirect on that LBVS



Ihar Harbuz Members

Ihar Harbuz
  • 6 posts

Posted 13 April 2017 - 05:19 AM

But NS have feature for global binding redirect policy.

And 11.1 have new -redirectFromPort and -httpsRedirectUrl LB vserver options for it purposes

 

Ok. I try recreate my question.

Did anybody use HTTP.REQ.URL.PROTOCOL expression?

What string did it return?



Joe Brozzetti Members

Joe Brozzetti
  • 180 posts

Posted 13 April 2017 - 07:02 PM

Try this Responder:

 

Policy:  !CLIENT.SSL.IS_SSL

 

Respond With

 

"HTTP/1.1 301 Moved Permanently\r\n" + "Location: https://" + HTTP.REQ.HOSTNAME + HTTP.REQ.URL.PATH_AND_QUERY + "\r\n\r\n"



Ihar Harbuz Members

Ihar Harbuz
  • 6 posts

Posted 14 April 2017 - 05:53 AM

Thank You for answers.

I had create next policy:

 

add responder action a-resp-http-https redirect "\"https://\"+HTTP.REQ.HEADER(\"Host\").HTTP_HEADER_SAFE+HTTP.REQ.URL.PATH_AND_QUERY.HTTP_URL_SAFE" -responseStatusCode 302

 

add responder policy p-resp-http-https "CLIENT.TCP.DSTPORT.EQ(80)||CLIENT.TCP.DSTPORT.EQ(8080)" a-resp-http-https

bind responder global p-resp-http-https 100 END -type REQ_OVERRIDE

 

It work.