On this fourth part, we direct all HTTP requests our Content Switching VIP to HTTPS.
So, log in to you Netscaler and go to:
Traffic Management -> Content Switching -> Virtual Servers
Click 'Add' button, to add new Content Switching Virtual Server (CSVS)
I'll name it: 'ContentSwitch-VIP HTTP-to-HTTPS'
Protocol: HTTP
And use same IP address as we used in part 1
Click 'OK'
Click 'OK'
Click 'Policies' on right side.
Click '+' icon on 'Policies'
Under 'Choose Policy', select 'Responder'
Click 'Continue'
Under 'Policy Binding', click on '+' Icon
Click '+' icon right to 'NOOP'
Name: 'responder_action_http-to-https'
Type: Redirect
Type: Redirect
Expression: "https://"+HTTP.REQ.HOSTNAME+HTTP.REQ.URL
Check 'Bypass Safety Check'
Click 'Create'
Name: 'responder_policy_http-to-https'
Expression: 'true'
Click 'Create'
Click 'Bind'
And click 'Done'
And there it is:
Now, when client connects to VIP-address listening on port 80, it will automatically redirect to HTTPS port 443.
To do this with CLI:
add cs vserver "ContentSwitch-VIP HTTP-to-HTTPS" HTTP 192.168.86.3 80 -cltTimeout 180 -Listenpolicy None add responder action responder_action_http-to-https redirect "\"https://\"+HTTP.REQ.HOSTNAME+HTTP.REQ.URL" -bypassSafetyCheck YES add responder policy responer_policy_http-to-https true responder_action_http-to-https bind cs vserver "ContentSwitch-VIP HTTP-to-HTTPS" -policyName responer_policy_http-to-https -priority 100 -gotoPriorityExpression END -type REQUEST
This was fourth part of Netscaler blog series.
There might be more to come in the future on same topic.
Action should be changed to:
ReplyDelete"https://"+HTTP.REQ.HOSTNAME+HTTP.REQ.URL.PATH_AND_QUERY