In this post I will show you two ways of configuring a netscaler to redirect http to https requests in two ways the first is very simple and the second way is more involved but a far cleaner approach.
First the easy one!
HTTPS Redirection the easy way
Open up the netscaler gui and expand the Load Balancing tab and click on the Virtual Server sub entry.
Create a new dummy Virtual service with the same ip address as the HTTPS vserver you would like to redirect to and keep the default port of port 80,also do not bind any monitors to it (this will mean the Vserver is always down).
Click on the advanced button and in the Redirect URL entry enter the URL of the SSl Vserver.
There you are done hitting the URL over port 80 will now redirect you to the HTTPS Vserver.
Using Responder Policies to redirect HTTP to HTTPS requests
The second method uses the responder policy to redirect an incoming http request to https.
The general idea is we create a responder action and policy and then a dummy monitor and service within the Load Balancing tab. Then we create a LB VServer on port 80 with the same IP address as the HTTPS site that we want redirect HTTP requests too and bind the policy and service to it.
1/ Click on the Responder tab and click on the actions menu
2/ Click Add to create a new responder policy and give it an appropriate name
3/ In the type list select REDIRECT and within the target field type the follow
“https://” + HTTP.REQ.HOSTNAME.HTTP_URL_SAFE + HTTP.REQ.URL.PATH_AND_QUERY.HTTP_URL_SAFE
4/ By default the Bypass safety check should be unticked but just check it and make sure it is unticked then click the CREATE button.
5/ Click on responder policy and click CREATE.
6/ Name the policy something appropriate and from the Action dropbox select the responder action you have just created.
7/ Within the Undefined action list select reset.
8/ Within the expression box type HTTP.REQ.IS_VALID.
Thats the responder portion of the configuration now onto setting up the monitors and LB vservers.
LB VServer Setup
9/ Expand the Load Balancing tab and in the Monitors selection create a custom monitor with the type of PING and the IP address of 127.0.0.1 , This monitor will ping the localhost address of the netscaler so will always be up.
10/ Click on Services and create and give it an appropriate name, then in the Server field enter an IP address that does not exist (something like 126.96.36.199 will suffice).
11/ In the Port field select port 80 and in the monitors dialogue box add the dummy monitor you have just created.
12/ Now move on to the Virtual Servers option and create a new Load Balancing Virtual Server with a sensible name.
13/ In the IP address field enter the same IP address as the IP address of the VServer that we want to redirect http to https requests to.
14/ Ensure that port 80 and HTTP is specified as the protocol.
15/ In the services tab tick the box on the dummy service you have created as above.
16/ Then click on the policies tab and click on the responder button, select Insert Policy and choose the policy that we have created as above.
Then test out your redirection you should find that making http requests are redirected to HTTPS connections.
Author: Dale Scriven
Subscribe to vhorizon
DisclaimerThis blog and any other post made by me on the internet is representative of my views only, they are not the views of my past/current/future employers.