Guest

Cisco CSS 11000 Series Content Services Switches

Redirect Configuration on the CSS 11000

Document ID: 41840

Updated: Mar 03, 2006

   Print

Introduction

This document describes what happens when a client connects to a Virtual IP (VIP) and the switch is configured to send a redirect back to the client. There are two different types of redirects on the Content Services Switch (CSS), a content rule redirect and a service redirect. These two types of redirects are different in the way that they append information to the domain name, as well as when they are applied to the traffic that hits the associated VIP.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

This document is not restricted to specific software and hardware versions.

Conventions

Refer to the Cisco Technical Tips Conventions for more information on document conventions.

Configure

In this section, you are presented with the information to configure the features described in this document.

Note: Use the Command Lookup Tool (registered customers only) to obtain more information on the commands used in this section.

Configurations

This document uses these configurations:

Use a redirect in the content rule as the default action
!*************************** OWNER *************************** 
  owner CSS-Team 

    content default-redirect  
      port 80  
      protocol tcp  
      vip address 192.168.1.20  
      url "/*"  
      redirect "//www.cisco.com/tac/" 
      active

Note: You can also specify the redirect field to be a different page on the same domain (for example, redirect "/support/index.html") so that the client is redirected to the same VIP but to a different page. This requires another content rule to accept the new page or else it becomes caught in a continuous loop to this content rule. The redirect field can also be configured as an IP address (for example, redirect "//192.168.1.21/").

The client goes to www.cisco.com/tac/ because any request to this VIP is redirected to the redirect string that is configured in the content rule. Notice that the /default.htm from the original request is not appended to the redirect string.

This example makes use of the redirect command in the content rule. Refer to the Command Reference for more information.

Use a service in the content rule as the default action
!************************** SERVICE ************************** 
service default-service 
  ip address 2.2.2.2 
  keepalive type none 
  type redirect 
  redirect-string "www.cisco.com/tac/" 
  active 

!*************************** OWNER *************************** 

owner CSS-Team 

  content default-redirect 
    vip address 206.25.90.84 
    protocol tcp 
    port 80 
    url "/*" 
    add service default-service 
    active

This configuration has the same result as using a redirect in the content rule as the default action. The client goes to www.cisco.com/tac/ because any request to this VIP is redirected to the redirect string that is configured in the service. Notice that the /default.htm from the original request is still not appended to the redirect string.

This example makes use of the type and redirect-string commands in the service. Refer to the Command Reference for more information.

The type is used to change the service from the default type of local to type redirect. The redirect-string command is the actual location that the client is redirected to. The client is redirected to the exact string quoted in the service and completely replaces the URL from the initial request.

Use a service in the content rule as the backup action
!************************** SERVICE ************************** 
service backup 
  ip address 2.2.2.2 
  keepalive type none 
  type redirect 
  redirect-string "www.cisco.com/tac/" 
  active 

service regular-server1 
  ip address 10.2.3.4  
  active  

service regular-server2  
  ip address 10.2.3.5  
  active  

!*************************** OWNER *************************** 

owner CSS-Team 

  content default-redirect 
    vip address 206.25.90.84 
    protocol tcp 
    port 80 
    url "/*" 
    add service regular-server1 
    add service regular-server2 
    add service backup 
    active

In this example, there are three services in the content rule. Two of the services (regular-server1 and regular-server2) are the default type of local. The third service (backup) is type redirect. The CSS behavior is to send all connections to local services if possible. This means that while any local service in a content rule is functional, the CSS does not send any traffic to the redirect service. Only in the event of all local services going down does the CSS ever use the redirect service.

No new commands are introduced in this example, only additional configuration techniques.

Use a service in the content rule to redirect from HTTP to HTTPS
 !************************** SERVICE ************************** 
service secure-transfer 
  ip address 2.2.2.2 
  keepalive type none 
  type redirect 
  no prepend-http 
  domain https://www.cisco.com 
  active 

service regular-server1 
  ip address 10.2.3.4  
  active  

service regular-server2  
  ip address 10.2.3.5  
  active  

!*************************** OWNER *************************** 

owner CSS-Team 

  content default-redirect 
    vip address 206.25.90.84 
    protocol tcp 
    port 80 
    url "/*" 
    add service secure-transfer 
    active 

  content ssl-rule 
    vip address 206.25.90.84 
    protocol tcp 
    port 443 
    add service regular-server1 
    add service regular-server2 
    active

This example demonstrates a site that is required to operate over HTTPS exclusively. If a user comes into the site using HTTP, the CSS sends the user an HTTP redirect to come back in via HTTPS.

This example makes use of the domain and no prepend-http commands in the service.

The domain command replaces the domain portion of the original request with the domain specified in the service. It retains any URL (path and filename) information. This is useful when you need to redirect any request to a specific site, and need to preserve the requested filename.

By default, the CSS prepends http:// before any redirect it sends from a service. If you need to have the CSS prepend HTTPS://, then it needs to be entered on the domain line. When this is done, it is also necessary to turn on the default prepending string by issuing the no prepend-http command.

Verify

There is currently no verification procedure available for this configuration.

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.

Related Information

Updated: Mar 03, 2006
Document ID: 41840