Redirecting HTTP requests to HTTPS

This application note is intended to help you implement the transparent redirection of HTTP requests to HTTPS via the ALOHA Load Balancer solution.


Objective

Replace an HTTP URL with its HTTPS equivalent.


Constraints

In order to rewrite requests, you may need to understand regular expressions.


Complexity

2


Versions

v3.x and later



Target network diagram


ALOHA 5.5.x and above

ALOHA 5.5 and above also include the options “redirect location” and “redirect prefix” described in the next chapter.

However, the option below is designed specifically for scheme changes:

redirect scheme <sch> [code <code>] <option> [{if | unless} <condition>]

For ALOHA 5.5.4 and above, it is recommended to use the corresponding http-request function:

http-request redirect scheme <sch> [code <code>] <option> [{if | unless} <condition>]

Return an HTTP redirection if a condition is met. If no condition is specified, the redirection is applied to all requests.

Arguments:

scheme: the Location header is exactly the same as the request URL, but the scheme is turned into <sch>.

<code> The code is optional. It indicates which HTTP redirection type is required. Only codes 301, 302 and 303 are managed. Code 302 is used if no other code is specified.

<option> You can specify several options in order to adapt the expected behavior of a redirection:

“drop-query”
When this option is used with a redirection based on the prefix, the location will be set without any additional query string.

“append-slash”
Use this option in conjunction with “drop-query” in order to redirect users who specified a URL which does not end with “/”. This may be useful to ensure search engines see only one URL.

“set-cookie NAME [=value]”
A “set-cookie” header will be added to the response with a name (and “= value” as required). This method is used occasionally to specify that a user has been seen. If no additional options are added, then the cookie will be a session cookie.

“clear-cookie NAME [=]”
A “set-cookie” header will be added with a name (and “=” as required), but with “Max-Age” set to zero. This option tells the browser to delete this cookie.


LB Level7 configuration example

######## The first public address as seen by the clients
frontend frt
	bind 10.0.32.10:80
	bind 10.0.32.10:443 ssl crt www.domain.com
	mode http
	log global # use global log parameters
	option httplog # Enable HTTP logging
	# Detect HTTPS protocol
	acl https ssl_fc
	# Detect the folder to secure
	acl sensitive_folder path_beg /secure
	# Redirect "http" to "https"
	redirect scheme https if !https sensitive_folder
	# Redirect "https" to "http"
	redirect scheme http if https !sensitive_folder
	maxconn 4000 # max conn per instance
	timeout client 25s # maximum client idle time
	default_backend bck # send everything to this backend by default
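
A client-side check for the rule above, as an added example that is not part of the original application note: it compares a captured redirect response with what "redirect scheme https" is described as producing (the same URL with only the scheme changed, and a code of 301, 302 or 303). The function names and the sample request/response pairs are constructed for illustration.

```python
from urllib.parse import urlsplit

ALLOWED_CODES = {301, 302, 303}  # the only codes the page says are managed


def audit_scheme_redirect(request_url, status, location, target_scheme="https"):
    """Return a list of findings; an empty list means the response matches
    the page's description of `redirect scheme <sch>`."""
    findings = []
    req, loc = urlsplit(request_url), urlsplit(location)
    if status not in ALLOWED_CODES:
        findings.append(f"unexpected status {status}")
    if loc.scheme != target_scheme:
        findings.append(f"scheme is {loc.scheme!r}, expected {target_scheme!r}")
    # A scheme redirect keeps the requested host; a different host means the
    # rule is really a prefix/location redirect to a fixed name.
    if loc.hostname != req.hostname:
        findings.append(f"host changed: {req.hostname} -> {loc.hostname}")
    if (loc.path or "/") != (req.path or "/"):
        findings.append(f"path changed: {req.path} -> {loc.path}")
    # A missing query string is what the "drop-query" option produces.
    if loc.query != req.query:
        findings.append("query string not preserved")
    return findings


# Constructed samples: (request URL, status, Location header) as they could be
# read from an HTTP client trace. Hostnames reuse the page's example names.
SAMPLES = [
    ("http://www.domain.com/secure/login?next=%2Faccount", 302,
     "https://www.domain.com/secure/login?next=%2Faccount"),
    ("http://domain.com/secure/", 302, "https://www.mysite.com/secure/"),
    ("http://www.domain.com/secure/a?id=7", 301, "https://www.domain.com/secure/a"),
    ("http://www.domain.com/secure/", 307, "http://www.domain.com/secure/"),
]


def audit_all(samples=SAMPLES):
    """Audit every sample and return one findings list per sample."""
    return [audit_scheme_redirect(*s) for s in samples]


if __name__ == "__main__":
    for sample, findings in zip(SAMPLES, audit_all()):
        print(sample[0], "->", findings or "OK")
```

A "host changed" or "query string not preserved" finding indicates a rule that is not a plain scheme redirect (a fixed-host prefix redirect, or "drop-query"), which may be intentional.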

ALOHA 3.0.x to 5.0.x

redirect location <to> [code <code>] <option> [{if | unless} <condition>]
redirect prefix <to> [code <code>] <option> [{if | unless} <condition>]

Return an HTTP redirection if a condition is met. If no condition is specified, the redirection is applied to all requests.

Arguments:

location: the <to> string is placed in the “Location” header of the HTTP redirection response.

prefix: the “Location” header of the HTTP redirection response is created by concatenating the <to> string and the complete URL from the request.

<code> The code is optional. It indicates which HTTP redirection type is required. Only codes 301, 302 and 303 are managed. Code 302 is used if no other code is specified.

<option> You can specify several options in order to adapt the expected behavior of a redirection:

“drop-query”
When this option is used with a redirection based on the prefix, the location will be set without any additional query string.

“append-slash”
Use this option in conjunction with “drop-query” in order to redirect users who specified a URL which does not end with “/”. This may be useful to ensure search engines see only one URL.

“set-cookie NAME [=value]”
A “set-cookie” header will be added to the response with a name (and “= value” as required). This method is used occasionally to specify that a user has been seen. If no additional options are added, then the cookie will be a session cookie.

“clear-cookie NAME [=]”
A “set-cookie” header will be added with a name (and “=” as required), but with “Max-Age” set to zero. This option tells the browser to delete this cookie.


LB Level7 configuration example

######## The first public address as seen by the clients
frontend frt
	bind 10.0.32.10:80
	bind 127.1.0.1:1 # ALOHA 3.0 to 3.6
	bind /ssl:frt # ALOHA 3.7 to 5.0
	mode http
	log global # use global log parameters
	option httplog # Enable HTTP logging
	# Detect the HTTP port
	acl http dst_port 80
	# Detect the folder
	acl folder path_dir secure
	acl https dst_port 1
	# Redirect "http" to "https"
	redirect prefix https://www.mysite.com if http folder
	# Redirect "https" to "http"
	redirect prefix http://www.mysite.com if https !folder
	maxconn 4000 # max conn per instance
	timeout client 25s # maximum client idle time
	default_backend bck # send everything to this backend by default

Related articles

Writing condition rules

To learn how to write the rules that decide whether a redirection applies, please read application note #0057 – http Request Routing.