How to Secure Web Access by Redirecting HTTP URLs to HTTPS URLs on a NetScaler Appliance Using Content Switching

How to Secure Web Access by Redirecting HTTP URLs to HTTPS URLs on a NetScaler Appliance Using Content Switching

book

Article ID: CTX117344

calendar_today

Updated On:

Description

This article contains information about configuring URL redirection for Secure Socket Layer (SSL) on a NetScaler appliance.

At times, to ensure a secure access to the Web site, the client request can be redirected to a secure link. The URL redirection feature enables to redirect a client request to a secure Web site on SSL.

To redirect client requests, configure the two Load Balancing virtual servers (VServers) in such a way that when the HTTP requests reach the first Load Balancing VServer, which is always down, the requests are redirected to the second Load Balancing VServer with HTTPS request due to the Content Switching policy configured on the appliance.

Instructions

To configure URL redirection for SSL on a NetScaler appliance, complete the following procedure:

  1. If not already enabled, run the following command from the command line interface of the NetScaler appliance to enable the Content Switching feature:

    enable ns feature CS

  2. Run the following commands to create two Load Balancing VServers:

    add lb vserver <First_LB_Server_Name> HTTP 0.0.0.0 0 -persistenceType NONE -cltTimeout 180
    add lb vserver <Second_LB_Server_Name> HTTP 0.0.0.0 0 -persistenceType NONE -state DISABLED -redirectURL https://www.example.com/ -cltTimeout 180

    The following screen shots display the corresponding VServers created from the GUI of the appliance:

    User-added image

    User-added image

    Note: One of these VServers serves all the client requests and the other only performs URL redirection. The second VServer is disabled because the sole purpose of the VServer is to redirect URLs.

  3. Run the following commands to create Content Switching VServers:

    add cs vserver <CS_HTTP_VSERVER_Name> HTTP 1.1.1.1 80
    add cs vserver <CS_SSL_VSERVER_Name> SSL 1.1.1.1 443

    Note: If you have already created a Load Balancing VServer with the same IP address and port number, you must remove it before completing this step.

  4. Run the following commands to bind the respective Load Balancing and Content Switching VServers created in this procedure:

    bind cs vserver <CS_HTTP_VSERVER_Name> <Second_LB_Server_Name>
    bind cs vserver <CS_SSL_VSERVER_Name> <First_LB_Server_Name>

    The following screen shots display the corresponding bindings of the VServers from the GUI of the appliance, which must be removed before completing this step:

    User-added image

    User-added image

    Note: In addition to the server, you must bind the appropriate services to the Load Balancing VServers and the SSL key certificate pairs to the SSL Content Switching VServer.

Issue/Introduction

This article contains information about configuring URL redirection for Secure Socket Layer (SSL) on a NetScaler appliance.

Additional Information

For Configuration Utility Changes for NetScaler 10.1 refer Citrix eDocs - Configuration Utility Changes.
http://docs.citrix.com/en-us/netscaler/10-5/ns-rn-main-wrapper-10-5-con/gui-changes-ns-10-5.html

Powered by Wolken Software