14-88
User
Guide

for

the

Cisco

Application

Networking

Manager

5.2
OL-26572-01
Chapter
14






Configuring

Traffic

Policies
Configuring
Actions

Lists
Step
6
Do
one

of

the

following:


Click
Deploy
Now

to

deploy
this

configuration

on

t

he
ACE
and

save

your

entries

t

o

the
running-configuration
and

startup-configuration

files.


Click
Cancel
to
exit

this

procedure

without
saving
your

entries.


Click
Next
to

save

your
entries.
Related
Topics
Setting
Policy

Map

Rules

and

Actions

for

Layer

7

Server

Load-Balancing

Traffic,

page

14-61 ,
Ta
b

l

e


14-26
Configuring
SSL

URL

Rewrite
You
can

configure

an

HTTP

header

modify

action

list

that

performs

SSL

URL

rewrite.
When
a

client

sends

encrypted

traffic

to

the

ACE

in

an

SSL

termination

configuration,

the

ACE
terminates
the

SSL

traffic

and

then

sends

clear

text

to

the

server.

Because

the

server

is

unaware

of

the
encrypted
traffic

flowing

between

the

client

and

the

ACE,

the

server

may

return

to

the

client

a

URL

in
the
Location

header

of

HTTP

redirect

responses

(301:

Moved

Permanently

or

302:

Found)

in

the

form
http://www.cisco.com
instead

of

https://www.cisco.com.

In

this

case,

the

client

makes

a

request

to

the
unencrypted
insecure

URL,

even

though

the

original

request

was

for

a

secure

URL.

Because

the

client
connection
changes

to

HTTP,

the

requested

data

may

not

be

available

from

the

server

using

a

clear

text
connection.
To
solve

this

problem,

the

ACE

provides

SSLURL

rewrite,

which

changes

the

redirect

URL

from

http://
to
https://

in

the

Location

response

header

from

the

server

before

sending

the

response

to

the

client.

By
using
URL

rewrite,

you

can

avoid

nonsecure

HTTP

redirects.

All

client

connections

to

the

web

server
will
be

SSL,

ensuring

the

secure

delivery

of

HTTPS

content

back

to

the

client.

The

ACE

uses

regular
expression
matching

t

o

determine

whether

the

URL

needs

rewriting.

If

a

Lo

cation

response

header
matches
the

specified

regular

expression,

the

ACE

rewrites

the

URL.

In

addition,

the

ACE

provides
parameters
to

add

or

c

hange

the

SSL

an

d

the

cl

ear

port

numbers.
Procedure
Step
1
Choose
Config
>

Devices

>

context

>

Expert

>

HTTP

Header

Modify

Action

Lists.
The
HTTP

Header

Modify

Action

Lists

table

appears.
Step
2
In
the
HTTP

Header

Modify

Action
Lists
table,

click
Add
to

add

a

new

action

list,

or

choose

an

existing
action
l

ist

and

click

Edit

to

modify

it.
Step
3
For
a
new
action

list,

in

the

Action
List
Name

field

enter

a
unique
name
for
the

action

list.
Valid
entries

are

unquoted

text

strings

with

a

maximum

of

64

alphanumeric

characters.

Click

Deploy
Now
when

completed

to

save

the

configuration

and

display

the

editing

tabs.
Step
4
Click
the
SSL
Action

tab.
The
SSL

Action

table

ap

pears.
Step
5
In
the

SSL

Action

table,

click
Add
to

add

a

new

entry

to

the

SSL

Action

table.
The
SSL

Action

configuration

window

appears.

Enter

the

required

information

as

shown

in

Ta

b

l

e


14-36 .