Configure an HTTPS virtual server to accept HTTP traffic

A user might attempt to access a secure website by sending an HTTP request. You can drop such requests or redirect the request to the secure website. In earlier releases, to redirect the request to the secure website, you were required to do the following:

  • Add HTTP and HTTPS virtual servers with the same IP address but different ports.
  • Add a responder action that redirects all traffic to the HTTPS virtual server.
  • Add a responder policy specifying the preceding action, and bind the policy to the HTTP virtual server.

From release 11.1, you can configure an HTTPS virtual server to also process all HTTP traffic. That is, if HTTP traffic is received on the HTTPS virtual server, the appliance internally performs one of the following actions depending on the option configured:

  • Prepends an https:// to the incoming URL.
  • Redirects the traffic to another HTTPS URL.

Two new parameters, httpsRedirectUrl and redirectFromPort are added to the add lb vserver command.

  • redirectFromPort: All HTTP traffic received on this port is prefixed with https:// in the URL and redirected. Ensure that you also specify the redirect URL. If you do not specify the redirect URL, the traffic is redirected to the virtual server IP address.
  • httpsRedirectUrl: All HTTP traffic received on the port specified in the -redirectFromPort parameter is redirected to this URL. For example, all HTTPS traffic received on http://www.example.com is redirected to https://www.sample.com.

Note

Starting from NetScaler release 13.1 build 4x, the httpsRedirectUrl and redirectFromPort parameters are supported in the add cs vserver command.

If the HttpsRedirectUrl parameter is not configured, you can expect the following behaviour:

  • For an LB virtual server, when the autoscaleOption in the set ns param command is not set (i.e.value is zero), the HTTP traffic is redirected to the VIP of the SSL virtual server. When the autoscaleOption is set to a value, the HTTP traffic is redirected to the host header value in the incoming HTTP request.
  • For a CS virtual server, the HTTP traffic is redirected to the value of the host header in the incoming HTTP request, irrespective of the autoscaleOption in the set ns param command.

Configure HTTP to HTTPS redirect on load balancing virtual servers by using the CLI

At the command prompt, type:

add lb vserver <name> <serviceType> -redirectFromPort <port | *>  -httpsRedirectUrl <URL>
<!--NeedCopy-->

Example:

add lbvserver lbvip2 SSL 1.2.1.2 443 -redirectFromPort 80 -httpsRedirectUrl https://www.example.com

<!--NeedCopy-->

Configure HTTP to HTTPS redirect on load balancing virtual servers by using the GUI

  1. Navigate to Traffic Management > Load Balancing > Virtual Servers.
  2. Add a virtual server of type SSL and click OK.
  3. Edit Basic Settings, click More, and add values for Redirect From Port and HTTPS Redirect URL.

Configure HTTP to HTTPS redirect on content switching virtual servers by using the CLI

At the command prompt, type:

add cs vserver <name> <serviceType> -redirectFromPort <port|*>  [-httpsRedirectUrl <URL>]
<!--NeedCopy-->

Example:

add cs vserver csv1 SSL 1.2.4.5 443 -redirectFromPort 80 -httpsRedirectUrl https://www.example.com`
<!--NeedCopy-->

Configure HTTP to HTTPS redirect on content switching virtual servers by using the GUI

  1. Navigate to Traffic Management > Content Switching > Virtual Servers.
  2. Add a virtual server of type SSL and click OK.
  3. Edit Basic Settings, click More, and add values for Redirect From Port and HTTPS Redirect URL.