We want to force all users to use SSL instead of http, and redirect any incoming HTTP traffic to HTTPS (from port 80 to port 443).
We will use the REDIRECT rule. The syntax of the redirect rules require that the "domain-name", "URL" and the port is specified. Optionally, you can use '*' to signify the same value as request. We are using * for both domain-name and URL, and 443 for the port.
We use a default rule in a csw-policy and apply it on port http. By doing this, we will ensure that all incoming http traffic will hit the default policy and the redirect-message will be sent to the browser. Browser will then send traffic via https/443
In this example, we have a VIP listening on SSL running in SSL terminate or SSL proxy mode.
GET /dummypage.html HTTP/1.1\r\n
HTTP/1.1 302 Moved Temporarily\r\n
ssl profile sslprofile
default redirect * * 443
server real RS1 10.1.1.100
port 180 no-health-check
server virtual vip1 10.1.1.100
port http csw-policy p1
port http csw
bind http RS1 180
port ssl ssl-terminate sslprofile
bind ssl RS1 http
Note: The example above has created a dummy port (180) on one of the real servers with no-health-check. Port SSL under the virtual server is bound to the http port on the real servers. To assign a CSW policy, you must have the VIP port bound to a real server port. As vip-ssl port is bound to real-http port already, we will use a dummy port (180) to bind vip-http port to real-180 port allowing us to assign that re-direct policy. This does not require any configuration changes on the actual real server.
ServerIron# show server bind vip1
Virtual server: vip1 Status: enabled IP: 10.1.1.10
SSL -------> RS1: 10.1.1.20, http (Active)
http -------> RS1: 10.1.1.20, 180 (Active) <--(DUMMY PORT)
If doing SSL termination/SSL offload on ServerIron ADX, ensure you are using at least ADX OS >= 12.1.