Cisco ACE Module HTTP-to-HTTPS (SSL) Redirection
generalnetworkerror Posted on Fri, April 13, 2012 at 22:57 tagged best current practice, www in load balancing, security A simple approach to handle sites that require SSL (HTTPS) encryption is to not allow plain-text HTTP, but that’s not very user-friendly and no one likes having to type extra characters into the browser to indicate HTTPS as the URI scheme. So the elegant solution for the client-side request is to allow HTTP, but then to redirect all such requests over to SSL. If you’re doing SSL Acceleration on your ACE load-balancer anyway, your configuration will become simpler in the long-run since you won’t have to maintain as much duplicate configuration to handle different load-balance policies for plain-text HTTP and SSL.
The solution is to create a generic redirect rserver and serverfarm that can be used for any SSL loadbalance policies. For web applications that may build absolute paths, the web server may need to know that the client protocol has switched over to SSL so you don’t have needless redirects. A HTTP Header can be sent in the request toward the web server to inform it of the protocol using the de facto standard header called X-Forwarded-Proto — using the standard Via header is another alternative and will be shown in an example.
