
CONFIGURE HTTP TO HTTPS REDIRECT ON A10 THUNDER

HTTP to HTTPS Redirect

TABLE OF CONTENTS

INTRODUCTION
CONFIGURATION EXAMPLES
    Example 1: Configure at the VIP port level
    Example 2: Configure using HTTP Template
    Example 3: Configure using TCL aFleX
SUMMARY
    Helpful links
ABOUT A10 NETWORKS

INTRODUCTION

A common practice for application delivery design is to use an HTTP to HTTPS redirect to force client communication over SSL. Flexibility and usability are key advantages to setting up an HTTP to HTTPS redirect on the A10 Networks Thunder platform.

[Figure 1. A10 Thunder sends HTTP to HTTPS redirect. Labels: (1) User1, unsecured HTTP request: http://www.a10example.com; (2) redirect response; (3) secured HTTPS request: https://www.a10example.com; (4) A10 Networks Thunder (SSL offload, redirects HTTP to HTTPS) to web server.]

From Figure 1 above:

1. User1 types the URL http://www.a10example.com, and the request is forwarded to the A10 Thunder device.
2. The A10 Thunder device sends an HTTP redirect, such as an HTTP status code 302 response, to User1's web browser instructing it to send the request to https://www.a10example.com.
3. User1 sends the secured request, https://www.a10example.com, to the A10 Thunder.
4. The A10 Thunder device offloads the HTTPS client connection and forwards the web request to the web server.

This article explores the different configuration options to enable a redirect on the A10 Thunder platform using the GUI, CLI, and TCL aFleX scripts. The A10 Thunder device in the following examples has a virtual server (VIP1) with HTTP and HTTPS virtual ports already configured.

CONFIGURATION EXAMPLES

EXAMPLE 1: CONFIGURE AT THE VIP PORT LEVEL

With this option, the A10 Thunder device responds with HTTP status code 302 for the HTTP to HTTPS redirect.

1. Log in to the A10 Thunder GUI management interface.
    a. Select ADC > SLB > Virtual Servers.
    b. Select the plus sign denoted in the red box to expand the Virtual Servers view.
    c. Select Edit to configure port 80 for VIP1 shown below.
2. The virtual port screen appears.
    a. Select Advanced Fields to expand the options.
    b. Select Redirect to Https. Select Update at the bottom of the screen.
    c. Select Update in the Virtual Servers screen.

The CLI example below configures an HTTP to HTTPS redirect at the VIP port level:

    ACOS#config t
    ACOS(config)#slb virtual-server VIP1
    ACOS(config-slb vserver)#port 80 http
    ACOS(config-slb vserver-vport)#redirect-to-https

EXAMPLE 2: CONFIGURE USING HTTP TEMPLATE

With this option, the A10 Thunder device can respond with different HTTP status codes or alter the location value, depending on the requirement.

1. Log in to the A10 Thunder GUI management interface.
    a. Select ADC > SLB > Virtual Servers.
    b. Select the plus sign denoted in the red box to expand the Virtual Servers view.
    c. Select Edit to configure port 80 for VIP1 shown below.
2. The Virtual port screen appears.
    a. Select Add adjacent to Template HTTP.

3. The HTTP Template screen appears.
    a. Enter a Name for the HTTP template.
    b. Select the Redirect tab as shown in the red box to expand the window.
    c. To change the default response code, for example, select 307 Temporary Redirect.
    d. Additional options include redirecting to a different SSL port or changing the location value for the redirect. Select Create.
    e. Select Update in the Virtual Port screen.
    f. Select Update in the Virtual Server screen.

The CLI example below configures an HTTP template for an HTTP to HTTPS redirect and binds it to the virtual server port. It changes the redirect HTTP response code to 307.

    ACOS#config t
    ACOS(config)#slb template http 307-http-https-redirect
    ACOS(config-http)#redirect response-code 307
    ACOS(config-http)#slb virtual-server VIP1
    ACOS(config-slb vserver)#port 80 http
    ACOS(config-slb vserver-vport)#template http 307-http-https-redirect

EXAMPLE 3: CONFIGURE USING TCL AFLEX

With this option, the A10 Thunder device can be configured using the aFleX scripting language for an HTTP to HTTPS redirect. This is the most flexible option for a redirect. The aFleX scripts are described below.

A simple redirect for HTTPS uses the default redirect 302 response code. The following aFleX, called Redirect1, is included on the A10 Thunder device. To view or create an aFleX script, log in to the ACOS device.

1. Select ADC > aFleX.
2. The aFleX examples appear.
3. Select Redirect1 to view an example of the pre-installed aFleX scripts.

    # Redirect every HTTP request to the same host and URI over HTTPS (302).
    when HTTP_REQUEST {
        HTTP::redirect https://[HTTP::host][HTTP::uri]
    }

The following aFleX checks for the absolute URL "www.a10example.com" and redirects with a permanent 301 response code:

    # Only requests whose Host header matches are redirected.
    when HTTP_REQUEST {
        if {[HTTP::host] equals "www.a10example.com"} {
            HTTP::respond 301 Location "https://www.a10example.com/login[HTTP::uri]"
        }
    }

The following aFleX sends a redirect and sets a cookie with the value set to the client's IP country origin. The aFleX script checks a geo-location database on the ACOS device with the client's IP address to find the corresponding country origin. In this example, the cookie attributes in the response are: name a10cookie; value the country code (for example, US); path /; domain a10networks.com. The redirect Location header is set to https://a10example.com.

    when HTTP_REQUEST {
        # Look up the country of the client IP in the geo-location database.
        set country "[lindex [whereis [IP::client_addr]] 0]"
        # Build the Set-Cookie value: a10cookie=<country>; path=/; domain=...
        set cookie [format "%s=%s; path=/; domain=%s" a10cookie $country ".a10example.com"]
        HTTP::respond 302 Location "https://a10example.com" "Set-Cookie" $cookie
    }

BINDING THE AFLEX TO THE VIP PORT

Bind the aFleX to VIP1 port 80. Navigate to VIP1.

1. Select ADC > SLB > Virtual Servers.
2. Select VIP1.
3. Select Edit for port 80, protocol HTTP.
4. Select Advanced Fields and check the aFleX script.
5. Select Update to bind the aFleX script.
6. Select Update to update the Virtual Server.

SUMMARY

There are many ways to configure an HTTP to HTTPS redirect on the A10 Thunder platform which automatically forces the user to use HTTPS. A10 Networks accomplishes this with flexible options to address the entire range of requirements, from basic configuration templates to complex aFleX scripting solutions.

HELPFUL LINKS:

An A10 Networks registered support account is required to access the documentation.

For the complete ADC configuration guide refer to the following link: https://documentation.a10networks.com/ADC

For the aFleX scripting guide refer to the following

For the GSLB guide for geo-location configuration refer to the following link: https://documentation.a10networks.com/GSLB
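Once any of the three redirect options is bound to port 80, the response head it returns can be checked for the properties the examples above differ in: response code, Location scheme and host, whether the original URI survives, and whether a cookie is set on the cleartext response. The script below is an added example, not A10 code; the function names and the three sample response heads are constructed for illustration.

```python
from email.parser import Parser
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 307, 308}

# Constructed sample response heads (not captured from a real device).
SAMPLE_OK = ("HTTP/1.1 302 Found\r\n"
             "Location: https://www.a10example.com/app?x=1\r\n\r\n")
SAMPLE_COOKIE = ("HTTP/1.1 302 Found\r\n"
                 "Location: https://a10example.com\r\n"
                 "Set-Cookie: a10cookie=US; path=/; domain=.a10example.com\r\n\r\n")
SAMPLE_DOWNGRADE = ("HTTP/1.1 301 Moved Permanently\r\n"
                    "Location: http://www.a10example.com/login/app\r\n\r\n")


def parse_head(raw):
    """Split a raw HTTP response head into (status_code, headers)."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    status_line, _, header_text = head.partition("\n")
    return int(status_line.split()[1]), Parser().parsestr(header_text, headersonly=True)


def audit_redirect(request_url, raw_response):
    """Return a list of findings for the response a port-80 VIP gave to request_url."""
    req = urlsplit(request_url)
    code, headers = parse_head(raw_response)
    if code not in REDIRECT_CODES:
        return [f"status {code} is not a redirect"]
    findings = []
    loc = urlsplit(headers.get("Location", ""))
    if loc.scheme != "https":
        findings.append("Location does not use https")
    if loc.hostname != req.hostname:
        findings.append(f"host changes from {req.hostname} to {loc.hostname}")
    # A prefix such as /login is tolerated as long as the original URI follows it.
    if not (loc.path or "/").endswith(req.path or "/") or loc.query != req.query:
        findings.append("request path or query is dropped")
    # Anything set on this response travels over cleartext HTTP.
    for cookie in headers.get_all("Set-Cookie", []):
        name = cookie.split("=", 1)[0].strip()
        findings.append(f"cookie {name} is set on the cleartext response")
    return findings


if __name__ == "__main__":
    for url, raw in [("http://www.a10example.com/app?x=1", SAMPLE_OK),
                     ("http://a10example.com/account?id=7", SAMPLE_COOKIE),
                     ("http://www.a10example.com/app", SAMPLE_DOWNGRADE)]:
        print(url, "->", audit_redirect(url, raw) or "ok")
```

To use it against a live VIP, pass the response head saved from a request to port 80 (for example the output of `curl -sI`) as `raw_response`.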

ABOUT A10 NETWORKS

A10 Networks (NYSE: ATEN) is a Secure Application Services company, providing a range of high-performance application networking solutions that help organizations ensure that their data center applications and networks remain highly available, accelerated and secure. Founded in 2004, A10 Networks is based in San Jose, Calif., and serves customers globally with offices worldwide.

For more information, visit: a10networks.com or tweet @a10Networks

© 2018 A10 Networks, Inc. All rights reserved. A10 Networks, the A10 Networks logo, ACOS, A10 Thunder, A10 Lightning, A10 Harmony and SSL Insight are trademarks or registered trademarks of A10 Networks, Inc. in the United States and other countries. All other trademarks are property of their respective owners. A10 Networks assumes no responsibility for any inaccuracies in this document. A10 Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
