Cisco CSS 11500 HTTP-to-HTTPS (SSL) Redirection
generalnetworkerror Posted on Tue, November 13, 2012 at 1:27 tagged best current practice, http, ssl, webns in load balancing A simple approach to handle sites that require SSL (HTTPS) encryption is to not allow plain-text HTTP, but that’s not very user-friendly and no one likes having to type extra characters into the browser to indicate HTTPS as the URI scheme. So the elegant solution for the client-side request is to allow HTTP, but then to redirect all such requests over to SSL. If you’re doing SSL Acceleration on your CSS 11500 load-balancer anyway, and you have public facing sites, you should also be doing HTTP-to-HTTPS (SSL) redirection.
Assuming you already have SSL termination configured, you’ll already have SSL and HTTP VIPs that work together. The trick is to add a different VIP (virtual IP adddress) for the SSL proxy and convert the existing HTTP rule to a redirect rule. Optionally, you could use a redirect service in the rule instead. Entire config snippets available here.
