Cisco ACE re-writing a URL on the fly

This post was the outcome of an issue where a redirection or a re-write of a URL had to be carried out on the fly. The server in this instance was running a webservice on http which re-directed itself to https. The site had a certificate (ideally a SAN certificate would have been the correct implementation) and we had to present the alternative name to the client. In summary, client goes to website A ( this resolves to the IP of VIP which has a server running website B ( The website has a certificate for only website B. We will re-write the url through the ACE and bypass the client seeing an invalid certificate.

<< Man in the Middle ??>>

# rserver host TOAST-SVR
# ip address
# inservice
# serverfarm host TOAST-SFARM
# failaction reassign
# predictor leastconns
# rserver TOAST-SVR
# inservice
# sticky ip-netmask address both TOAST-STICKY
# timeout 60
# replicate sticky
# serverfarm TOAST-SFARM
# action-list type modify http HTTP_CHEESE-on-TOAST_REWRITE
# header rewrite request Host header-value “” replace “”
# class-map match-any CHEESE-VIP
# 2 match virtual-address tcp eq www
# 4 match virtual-address tcp eq https
# policy-map type loadbalance first-match SLB-CHEESE-POLICY
# description Filter traffic matching the VIP
# class class-default
# sticky-serverfarm TOAST-STICKY
# Policy <<abridged>>
# class CHEESE-VIP
# loadbalance vip inservice
# loadbalance policy SLB-CHEESE-POLICY
# loadbalance vip icmp-reply active
# nat dynamic 200 vlan 100


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s