Redirecting http requests to https virtual servers/URL’s in Netscaler
Its a comment request to all Netscaler techie guys to redirect URL’s from http to https. This post we will cover the traffic redirection from http to https without loosing the complete URL path. meaning if the url supposed to be https://Website.com/web/login.aspx , if user typed http://Website.com/web/login.aspx the redirection will redirect to https keeping the complete URL path as is like https://Website.com/web/login.aspx , in case if user typed http://Website.com instead of https netscaler will redirect to https://website.com.
There are many ways of achieving this now a days.
- Netscaler firmware 11.1 on wards we can specify redirection while creating load balancing virtual server itself by clicking on more options.
- Creating responder policy and apply to a http virtual server ( content swith or load balanced vserver) with same virtual IP as actual https virtual IP but on port 80.
At this point i will cover the second way of achieving it on content switch vserver.
Steps for redirecting http to https url on a content swith virtual server.
Step 1:SSH to Netscaler ( Primary if in HA)
Step2: Create Responder Action
Run below command to create responder action for http tp https redirection. HttpsRedir_Act is the action Name which we are using
add responder action HttpsRedir_Act redirect “\”https://\”+http.REQ.HEADER(\”Host\”).HTTP_HEADER_SAFE+http.REQ.URL.PATH_AND_QUERY.HTTP_URL_SAFE”
Step3: Create Responder policy
Run below command to create responder Policy for the action we created before.
website.com : should be replaced with your actual website URL
Http_2_Https_pol : this is the policy name
add responder policy HttpsRedir_pol “http.REQ.HOSTNAME.EQ(\”website.com\”) && client.TCP.DSTPORT.EQ(80)” HttpsRedir_Act
Step4: Set the undefined responder action
Run this command to set undefined action.
set responder param -undefAction NOOP
Step5: Create http based Content Switch vServer
As you can see below I already have a SSL Content switch vServer created. Click on Add above to create Http CvServer.
- Name: A-Web-CSvServer-http
- Protocol: Http
- IP: Same IP as SSL CvServer 192.168.1.110
- Port : 80
Click OK, no need to add any load balancing vservers.
Click on Policies on the right hand top to add to your content switch vserver.
Click on (+) sign to add the Responder policy which we created earlier with command
Select Responder- request – Continue
Click to Select
Select the Policy HttpsRedir_pol which we created with command earlier.
Review the Policy Name is showing under select policy and Bind.
Click Done to finish.
Step 6: Explanation and Testing the redirection
In my case Website.com DNS records pointing to 192.168.1.110, when a Http request comes our http (80) content switch vServer 192.168.1.110 will respond to the request, it had nothing but a policy bound to it saying when a http request comes for website.com redirect to https and it does. When its changed to https our SSL (443) content swithch vServer will respond to the requests.
Test the same just by typing http://website.com it should redirect to https://website.com
Hope this post is useful, leave your comments and feedback below.