Redirecting HTTP requests to HTTPS
This application note is intended to help you implement the transparent redirection of HTTP requests
to HTTPS via the ALOHA Load Balancer solution.
Objective
Replace an HTTP URL with its HTTPS equivalent.
Constraints
To rewrite requests, you may need to understand regular expressions.
Complexity
2
Versions
v3.x and later
Target network diagram
ALOHA 5.5.x and above
ALOHA 5.5 and above also include the options “redirect location” and “redirect prefix” described in the next chapter.
However, the option below is designed specifically for scheme changes:
redirect scheme <sch> [code <code>] <option> [{if | unless} <condition>]
For ALOHA 5.5.4 and above, it is recommended to use the corresponding http-request form:
http-request redirect scheme <sch> [code <code>] <option> [{if | unless} <condition>]
Return an HTTP redirection if a condition is met. If no condition is specified, the redirection is applied to all requests.
Arguments:
scheme: the Location header is exactly the same as the request URL, but the scheme is turned into <sch>.
<code> The code is optional. It indicates which HTTP redirection type is required. Only codes 301, 302 and 303 are supported. Code 302 is used if no other code is specified.
<option> You can specify several options in order to adapt the expected behavior of a redirection:
“drop-query”
When this option is used with a redirection based on the prefix, the location will be set without any additional query string.
“append-slash”
Use this option in conjunction with “drop-query” in order to redirect users who specified a URL which does not end with “/”. This may be useful to ensure search engines see only one URL.
“set-cookie NAME [=value]”
A “set-cookie” header will be added to the response with a name (and “= value” as required). This method is used occasionally to specify that a user has been seen. If no additional options are added, then the cookie will be a session cookie.
“clear-cookie NAME [=]”
A “set-cookie” header will be added with a name (and “=” as required), but with “Max-Age” set to zero. This option tells the browser to delete this cookie.
LB Level7 configuration example
######## The first public address as seen by the clients
frontend frt
  bind 10.0.32.10:80
  bind 10.0.32.10:443 ssl crt www.domain.com
  mode http
  log global                  # use global log parameters
  option httplog              # Enable HTTP logging
  # Detect HTTPS protocol
  acl https ssl_fc
  # Detect the folder to secure
  acl sensitive_folder path_beg /secure
  # Redirect "http" to "https"
  redirect scheme https if !https sensitive_folder
  # Redirect "https" to "http"
  redirect scheme http if https !sensitive_folder
  maxconn 4000                # max conn per instance
  timeout client 25s          # maximum client idle time (ms)
  default_backend bck         # send everything to this backend by default
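One way to verify the rule from the client side, as an added example that is not part of the original application note or of ALOHA's own tooling: the Python function below checks a response to a plain-HTTP request against what "redirect scheme https" should return, that is, a 301/302/303 whose Location is the request URL with only the scheme changed. The function names and the two sample responses are constructed for illustration.

```python
from urllib.parse import urlsplit

ALLOWED_CODES = {301, 302, 303}  # the codes the note lists for redirect rules

def parse_response(raw):
    """Return (status_code, headers) from a raw HTTP response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def check_scheme_redirect(host, target, raw_response, scheme="https", drop_query=False):
    """List the ways a response deviates from 'redirect scheme <scheme>'.

    host/target are the Host header and request target of the plain-HTTP
    request that was sent; an empty list means the redirect is as expected.
    """
    problems = []
    status, headers = parse_response(raw_response)
    if status not in ALLOWED_CODES:
        problems.append(f"status {status} is not a 301/302/303 redirect")
    location = headers.get("location")
    if location is None:
        return problems + ["no Location header"]
    loc = urlsplit(location)
    want = urlsplit(f"{scheme}://{host}{target}")
    if loc.scheme != want.scheme:
        problems.append(f"scheme is {loc.scheme!r}, expected {want.scheme!r}")
    if loc.netloc.lower() != want.netloc.lower():
        problems.append(f"host changed to {loc.netloc!r}")
    if loc.path != want.path:
        problems.append(f"path changed to {loc.path!r}")
    want_query = "" if drop_query else want.query
    if loc.query != want_query:
        problems.append(f"query is {loc.query!r}, expected {want_query!r}")
    return problems

# Constructed sample responses (not captured from a real ALOHA).
GOOD = ("HTTP/1.1 302 Found\r\nCache-Control: no-cache\r\nContent-length: 0\r\n"
        "Location: https://www.domain.com/secure/login?next=home\r\n\r\n")
BAD = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>login</html>"

if __name__ == "__main__":
    for name, raw in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_scheme_redirect("www.domain.com", "/secure/login?next=home", raw))
```

An empty list for a request under /secure confirms the redirect; a 200 on port 80 for that path means the sensitive folder is still being served in cleartext.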
ALOHA 3.0.x to 5.0.x
redirect location <to> [code <code>] <option> [{if | unless} <condition>]
redirect prefix <to> [code <code>] <option> [{if | unless} <condition>]
Return an HTTP redirection if a condition is met. If no condition is specified, the redirection is applied to all requests.
Arguments:
location: the <to> string is placed in the “Location” header of the HTTP redirection response.
prefix: the “Location” header of the HTTP redirection response is created by concatenating the <to> string and the complete URL from the request.
<code> The code is optional. It indicates which HTTP redirection type is required. Only codes 301, 302 and 303 are supported. Code 302 is used if no other code is specified.
<option> You can specify several options in order to adapt the expected behavior of a redirection:
“drop-query”
When this option is used with a redirection based on the prefix, the location will be set without any additional query string.
“append-slash”
Use this option in conjunction with “drop-query” in order to redirect users who specified a URL which does not end with “/”. This may be useful to ensure search engines see only one URL.
“set-cookie NAME [=value]”
A “set-cookie” header will be added to the response with a name (and “= value” as required). This method is used occasionally to specify that a user has been seen. If no additional options are added, then the cookie will be a session cookie.
“clear-cookie NAME [=]”
A “set-cookie” header will be added with a name (and “=” as required), but with “Max-Age” set to zero. This option tells the browser to delete this cookie.
LB Level7 configuration example
######## The first public address as seen by the clients
frontend frt
  bind 10.0.32.10:80
  bind 127.1.0.1:1            # ALOHA 3.0 to 3.6
  bind /ssl:frt               # ALOHA 3.7 to 5.0
  mode http
  log global                  # use global log parameters
  option httplog              # Enable HTTP logging
  # Detect the HTTP port
  acl http dst_port 80
  # Detect the folder
  acl folder path_dir secure
  acl https dst_port 1
  # Redirect "http" to "https"
  redirect prefix https://www.mysite.com if http folder
  # Redirect "https" to "http"
  redirect prefix http://www.mysite.com if https !folder
  maxconn 4000                # max conn per instance
  timeout client 25s          # maximum client idle time (ms)
  default_backend bck         # send everything to this backend by default
Related articles
Writing condition rules
To learn how to write the condition rules that allow or prevent the redirection, read application note #0057 – http Request Routing.