Solved: re-write a url to use SSL

mberkeley · ‎12-14-2012

I am using DNN with eCommerce capabilities across a balanced set of servers. I would like to have SSL managed at the Stingray level and only pass unencrypted data to the webservers. In DNN I can enable SSL, but not require it.

I have setup a Service, eCom, with internal IP 192.168.1.10. This is then connected to two virtual servers:

eComHTTP listening on port 80 and connected to a pool called eCom
eComSSL listening on port 443 and connected to the same ecom pool

the ecom pool has two servers both using port 80:

eComS1: 192.168.1.15
eComS2: 192.168.1.16

Here's what I am trying to do: Use SSL only for the page that accepts payment: https://ecom.domain.com/default.aspx?tabid=111

If I don't require SSL on the DNN server it will not request the page be called using SSL. If I require SSL, it is looking for a connection on 443 for the inbound data.

Is there a way to use traffic script to set SSL for this page and have the Stingray handle all of the SSL encryption/decryption? OR is there a better way to configure this whole thing?

thanks in advance?

aclarke · ‎12-14-2012

Michael,

Easiest way to set this up is to offload the SSL to the Stingrays... When you offload this, you don't need to have a pool of https servers - the Stingray will terminate the SSL and pass the traffic to the back end in the clear. Once you have the SSL offload set up, you can simply use a rule to redirect the traffic you want form the HTTP to the HTTPS virtual server.

To set up HTTPS, First, import your certificates into the SSL Server Certificates catalog (SSL is covered in chapter 13 of the Stingray User Guide) Once you are done, it would look something like this (your names will obviously be different to mine):

Configure two vservers - one for HTTP and one for HTTPS, specifying the same pool of HTTP back end nodes. On the HTTPS vserver, you set up SSL Offload. Once you are done, it should look something like this:

Once you have this set up, you can do an HTTP to HTTP redirect on the URL stub that you want to make HTTPS only with a Traffic Script:


$URL = http.getRawURL();

$HOST = http.getHostHeader();


if ( string.startsWith( $url, "http://path/that/should/be/https/only/" ) ) {

   http.redirect("https://".$HOST . $URL);   

}

Hope that helps...

--

Aidan.

--
Aidan Clarke
Pulse Secure vADC Product Manager

View solution in original post

aclarke · ‎12-14-2012

Michael,

Easiest way to set this up is to offload the SSL to the Stingrays... When you offload this, you don't need to have a pool of https servers - the Stingray will terminate the SSL and pass the traffic to the back end in the clear. Once you have the SSL offload set up, you can simply use a rule to redirect the traffic you want form the HTTP to the HTTPS virtual server.

To set up HTTPS, First, import your certificates into the SSL Server Certificates catalog (SSL is covered in chapter 13 of the Stingray User Guide) Once you are done, it would look something like this (your names will obviously be different to mine):

Configure two vservers - one for HTTP and one for HTTPS, specifying the same pool of HTTP back end nodes. On the HTTPS vserver, you set up SSL Offload. Once you are done, it should look something like this:

Once you have this set up, you can do an HTTP to HTTP redirect on the URL stub that you want to make HTTPS only with a Traffic Script:


$URL = http.getRawURL();

$HOST = http.getHostHeader();


if ( string.startsWith( $url, "http://path/that/should/be/https/only/" ) ) {

   http.redirect("https://".$HOST . $URL);   

}

Hope that helps...

--

Aidan.

--
Aidan Clarke
Pulse Secure vADC Product Manager

Report Inappropriate Content · ‎12-14-2012

Ok, I am pretty close. the http redirect traffic script...

is it a request script or a response script?

aclarke · ‎12-14-2012

Request Script.

--

Aidan.

--
Aidan Clarke
Pulse Secure vADC Product Manager

Report Inappropriate Content · ‎12-14-2012

Ok, so I've got the following in a request script on the non-SSL virtual server:

$URL = http.getRawURL();

$HOST = http.getHostHeader();

if ( string.contains( $url, "tabid=169" ) ){

http.redirect("Location: https://".$HOST . $URL);

but when I go to the page with tabid=169 in the URL it does not redirect the connection to the SSL Virtual Server.

I am sure I am missing something, but not sure what.

Thanks again for your help!

Report Inappropriate Content · ‎12-14-2012

and yes, the closing '}' is on the script, i just missed it in the cut and paste.

Report Inappropriate Content · ‎12-14-2012

I was able to maek this script work by removing the 'Location: ' from the http.redirect.

is this going to cause issues? What does the Location do?

vreddy · ‎12-14-2012

Michael,

Since you are using http.redirect function you just need to provide the complete URL as the argument to the function and nothing else. For example http.redirect("https://".$HOST.$URL); If were using http.sendResponse then you could have constructed same redirect message but you have to manually provide the arguments for example http.sendResponse( "302 Moved Temporarily", "text/html", "", "Location: " . $url );

-Vinay

aclarke · ‎12-15-2012

Thanks Vinay - that will teach me to write TS at 2 in the morning...

I have updated the TS in the above post to reflect Vinay's corrections..

--

Aidan

--
Aidan Clarke
Pulse Secure vADC Product Manager

aclarke · ‎12-15-2012

ok - so it wont let me edit my previous post...

--
Aidan Clarke
Pulse Secure vADC Product Manager

re-write a url to use SSL

re-write a url to use SSL

Re: re-write a url to use SSL

Re: re-write a url to use SSL

Re: re-write a url to use SSL

Re: re-write a url to use SSL

Re: re-write a url to use SSL

Re: re-write a url to use SSL

Re: re-write a url to use SSL

Re: re-write a url to use SSL

Re: re-write a url to use SSL

Re: re-write a url to use SSL