Application Delivery (ADX)

Reply
Occasional Contributor
Posts: 6
Registered: ‎12-22-2009

HTTP to HTTPS redirect (for Exchange 2010 OWA)

I am trying to redirect all http requests to https for my Exchange 2010 VIP. The ADX is configured per the Brocade document Deploying the Brocade ServerIron ADX with Microsoft Exchange Server 2010. Relevant configuration is shown below.

I have tried to add the redirect to the existing csw-policy using match catchall redirect * * ssl and default match redirect * * ssl and it just does not seem to do anything at all.

I've also tried to create another policy with the redirect code in it, but I am unable to bind it to the http port of the virtual server because the other policy is already bound (i guess there's a limit to once csw-policy per port?)

Any help would be greatly appreciated!

csw-rule "audi" url prefix "/AUTODISCOVER" case-insensitive

csw-rule "catchall" url exists
csw-rule "cookie1" header "cookie" pattern "SERVERID=" case-insensitive
csw-rule "ecp" url prefix "/ECP" case-insensitive
csw-rule "ews" url prefix "/EWS" case-insensitive
csw-rule "oab" url prefix "/OAB" case-insensitive
csw-rule "owa" url prefix "/OWA" case-insensitive
!
csw-policy "ex2010a" case-insensitive
match "cookie1" persist offset 0 length 4 group-or-server-id
match "owa" forward 1
match "owa" rewrite insert-cookie "ServerID"
match "ecp" forward 1
match "ecp" rewrite insert-cookie "ServerID"
match "audi" persist offset 0 length 0
match "ews" persist offset 0 length 0
match "oab" persist offset 0 length 0
match "catchall" forward 1
default forward 1
default rewrite insert-cookie "ServerID"
server virtual vs1 10.x.x.x
predictor round-robin
port ssl
no port ssl sticky
port ssl ssl-proxy ex2010_clientside ex2010_serverside
port ssl csw-policy "ex2010a"
port ssl csw
port 60000
port 60000 persist-hash
port 60001
port 60001 persist-hash
port 135
port 135 persist-hash
port http
port http csw-policy "ex2010a"
port http csw
bind ssl rs1 ssl rs2 ssl rs3 ssl
bind 60000 rs1 60000 rs2 60000 rs3 60000
bind 60001 rs1 60001 rs2 60001 rs3 60001
bind 135 rs1 135 rs2 135 rs3 135
Contributor
Posts: 47
Registered: ‎07-14-2010

Re: HTTP to HTTPS redirect (for Exchange 2010 OWA)

Hi,

Change "encrypted.google.com" to your fqdn or ip address. And copy & paste followings.

---------

csw-policy "https-redirect_policy"
default redirect "encrypted.google.com" "*" ssl
server virtual vs1 10.x.x.x
no port http csw
no port http csw-policy "ex2010a"
no port http csw
port http csw-policy "https-redirect_policy"
port http csw
port ssl keep-alive

---------

Thanks.

//Kono

Occasional Contributor
Posts: 6
Registered: ‎12-22-2009

Re: HTTP to HTTPS redirect (for Exchange 2010 OWA)

@Kono-

That mostly did the trick, thanks!

For my specific purpose I was able to just use a wildcards in the csw-policy:

   csw-policy "https-redirect"
   default redirect "*" "*" ssl

Removed the old csw-policy binding from the http port and bound the new one:

   server virtual vs1

   no port http csw

   no port http csw-policy "ex2010a"

   port http csw-policy "https-redirect"

   port http csw

Here's the kicker - I didn't have my http port bound to any real servers before, so any http requests to the VS were just being dropped. I had to configure the bindings:

      bind http rs1 http rs2 http rs3 http

Now the virtual server actually listens on port http, so it can intercept the http requests and and redirect them.

Contributor
Posts: 47
Registered: ‎07-14-2010

Re: HTTP to HTTPS redirect (for Exchange 2010 OWA)

Sounds great. By the way, I was adviced to configure "port ssl keep-alive" for 2010 OWA to work so I recommend you to configure it as well.

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.

vADC is now Pulse Secure
Download FREE NVMe eBook