cancel
Showing results for 
Search instead for 
Did you mean: 

re-write a url to use SSL

SOLVED
Highlighted

re-write a url to use SSL

I am using DNN with eCommerce capabilities across a balanced set of servers.  I would like to have SSL managed at the Stingray level and only pass unencrypted data to the webservers.  In DNN I can enable SSL, but not require it. 

I have setup a Service, eCom, with internal IP 192.168.1.10.  This is then connected to two virtual servers:

  • eComHTTP listening on port 80 and connected to a pool called eCom
  • eComSSL listening on port 443 and connected to the same ecom pool

the ecom pool has two servers both using port 80:

  • eComS1: 192.168.1.15
  • eComS2: 192.168.1.16

Here's what I am trying to do: Use SSL only for the page that accepts payment:  https://ecom.domain.com/default.aspx?tabid=111

If I don't require SSL on the DNN server it will not request the page be called using SSL.  If I require SSL, it is looking for a connection on 443 for the inbound data.

Is there a way to use traffic script to set SSL for this page and have the Stingray handle all of the SSL encryption/decryption?  OR is there a better way to configure this whole thing?

thanks in advance?

10 REPLIES
Moderator

Re: re-write a url to use SSL

Michael,

    Easiest way to set this up is to offload the SSL to the Stingrays... When you offload this, you don't need to have a pool of https servers - the Stingray will terminate the SSL and pass the traffic to the back end in the clear.  Once you have the SSL offload set up, you can simply use a rule to redirect the traffic you want form the HTTP to the HTTPS virtual server.

To set up HTTPS, First, import your certificates into the SSL Server Certificates catalog (SSL is covered in chapter 13 of the Stingray User Guide)  Once you are done, it would look something like this (your names will obviously be different to mine):

Google Chrome021.png

Configure two vservers - one for HTTP and one for HTTPS, specifying the same pool of HTTP back end nodes.  On the HTTPS vserver, you set up SSL Offload.  Once you are done, it should look something like this:

Google Chrome019.png

Once you have this set up, you can do an HTTP to HTTP redirect on the URL stub that you want to make HTTPS only with a Traffic Script:


$URL = http.getRawURL();


$HOST = http.getHostHeader();



if ( string.startsWith( $url, "http://path/that/should/be/https/only/" ) ) {


   http.redirect("https://".$HOST . $URL);  


}






Hope that helps...

--

Aidan.

N/A

Re: re-write a url to use SSL

Ok, I am pretty close.  the http redirect traffic script...

is it a request script or a response script?

Moderator

Re: re-write a url to use SSL

Request Script.

--

Aidan.

N/A

Re: re-write a url to use SSL

Ok, so I've got the following in a request script on the non-SSL virtual server:

$URL = http.getRawURL();

$HOST = http.getHostHeader();

if ( string.contains( $url, "tabid=169" ) ){

   http.redirect("Location: https://".$HOST . $URL);

but when I go to the page with tabid=169 in the URL it does not redirect the connection to the SSL Virtual Server.

I am sure I am missing something, but not sure what.

Thanks again for your help!

  

N/A

Re: re-write a url to use SSL

and yes, the closing '}' is on the script, i just missed it in the cut and paste.

N/A

Re: re-write a url to use SSL

I was able to maek this script work by removing the 'Location: ' from the http.redirect.

is this going to cause issues?  What does the Location do?

New Contributor

Re: re-write a url to use SSL

Michael,

Since you are using http.redirect function you just need to provide the complete URL as the argument to the function and nothing else. For example http.redirect("https://".$HOST.$URL); If were using http.sendResponse then you could have constructed same redirect message but you have to manually provide the arguments for example  http.sendResponse( "302 Moved Temporarily", "text/html", "", "Location: " . $url );

-Vinay

Moderator

Re: re-write a url to use SSL

Thanks Vinay -  that will teach me to write TS at 2 in the morning...

I have updated the TS in the above post to reflect Vinay's corrections..

--

Aidan

Moderator

Re: re-write a url to use SSL

ok - so it wont let me edit my previous post...