Installation guide

ManualsBrandsCisco ManualsComputer equipmentExplorer 4700

511

512

513

514

515

516

517

518

519

520

12-94

Device Manager Guide, Cisco ACE 4700 Series Application Control Engine Appliance

OL-26645-02

Chapter 12 Configuring Traffic Policies

Configuring Actions Lists

Step 7 Do the following:

• Click Deploy Now to deploy this configuration on the ACE appliance.

• Click Cancel to exit this procedure without saving your entries.

• Click Next to save your entries.

Related Topics

• Setting Policy Map Rules and Actions for Layer 7 Server Load-Balancing Traffic, page 12-46,

Table 12-20

Configuring SSL URL Rewrite

Note The SSL URL rewrite feature does not apply to the ACE NPE software image (see the “Information

About the ACE No Payload Encryption Software Version” section on page 1-2).

When a client sends encrypted traffic to the ACE in an SSL termination configuration, the ACE

terminates the SSL traffic and then sends clear text to the server. Because the server is unaware of the

encrypted traffic flowing between the client and the ACE, the server may return to the client a URL in

the Location header of HTTP redirect responses (301: Moved Permanently or 302: Found) in the form

http://www.cisco.com instead of https://www.cisco.com. In this case, the client makes a request to the

unencrypted insecure URL, even though the original request was for a secure URL. Because the client

connection changes to HTTP, the requested data may not be available from the server using a clear text

connection.

To solve this problem, the ACE provides SSLURL rewrite, which changes the redirect URL from http://

to https:// in the Location response header from the server before sending the response to the client. By

using URL rewrite, you can avoid nonsecure HTTP redirects. All client connections to the web server

will be SSL, ensuring the secure delivery of HTTPS content back to the client. The ACE uses regular

expression matching to determine whether the URL needs rewriting. If a Location response header

matches the specified regular expression, the ACE rewrites the URL. In addition, the ACE provides

parameters to add or change the SSL and the clear port numbers.

Use this procedure to configure an HTTP header modify action list that performs SSL URL rewrite.

Procedure

Step 1 Choose Config > Virtual Contexts > context > Expert > Action Lists > HTTP Header Modify

Action Lists. The HTTP Header Modify Action List table appears.

Step 2 Click Add to add a new HTTP header modify action list, or select an existing action list, and then click

Edit to modify it.

Step 3 For a new action list, in the Action List Name field enter a unique name for the HTTP header modify

action list. Valid entries are unquoted text strings with a maximum of 64 alphanumeric characters.

Step 4 Select the SSL Action tab. The SSL Action table appears.

Step 5 Click Add to add a new entry to the SSL Action table. The SSL Action configuration screen appears.

Enter the required information as shown in Table 12-36.