ADC

Rewrite ports and protocols for HTTP redirection

Virtual servers and the services that are bound to them might use different ports. When a service responds to an HTTP connection with a redirect, you might need to configure the Citrix ADC appliance to modify the port and the protocol to make sure that the redirection goes through successfully. You do this by enabling and configuring the redirectPortRewrite setting.

This setting affects only HTTP and HTTPS traffic. If this setting is enabled on a virtual server, the virtual server rewrites the port on redirects, replacing the port used by the service with the port used by the virtual server.

If the virtual server or service is of type SSL, you must enable SSL redirect on the virtual server or service. If both the virtual server and service are of type SSL, enable SSL redirect on the virtual server.

The redirectPortRewrite setting can be used in the following scenarios:

  • The virtual server is of type HTTP and the services are of type SSL.
  • The virtual server is of type SSL and the services are of type HTTP.
  • The virtual server is of type HTTP and the services are of type HTTP.
  • The virtual server is of type SSL and the services are of type SSL.

Scenario 1: The virtual server is of type HTTP and services are of type SSL. SSL redirect, and optionally port rewrite, is enabled on the service. If port rewrite is enabled, the port of HTTPS URLs is rewritten. HTTP URLs from the server are sent as is to the client.

Only SSL redirect is enabled. The virtual server can be configured on any port. See the following table:

Redirect URL from the Server Redirect URL sent to the Client
http://domain.com/ http://domain.com/
http://domain.com:8080/ http://domain.com:8080/
https://domain.com/ https://domain.com/
https://domain.com:444/ https://domain.com:444/

SSL redirect and port rewrite are enabled. The virtual server is configured on port 80. See the following table:

Redirect URL from the Server Redirect URL sent to the Client
http://domain.com/ http://domain.com/
http://domain.com:8080/ http://domain.com:8080/
https://domain.com/ https://domain.com/
https://domain.com:444/ https://domain.com/

SSL redirect and port rewrite are enabled. Virtual server is configured on port 8080. See the following table:

Redirect URL from the Server Redirect URL sent to the Client
http://domain.com/ http://domain.com/
http://domain.com:8080/ http://domain.com:8080/
https://domain.com/ http://domain.com:8080/
https://domain.com:444/ http://domain.com:8080/

Scenario 2: The virtual server is of type SSL and services are of type HTTP. If port rewrite is enabled, only the port of HTTP URLs is rewritten. HTTPS URLs from the server are sent as is to the client.

SSL redirect is enabled on the virtual server. The virtual server can be configured on any port. See the following table.

Redirect URL from the Server Redirect URL sent to the Client
http://domain.com/ https://domain.com/
http://domain.com:8080/ https://domain.com:8080/
https://domain.com/ https://domain.com/
https://domain.com:444/ https://domain.com:444/

SSL redirect and port rewrite are enabled on the virtual server. The virtual server is configured on port 443. See the following table:

Redirect URL from the Server Redirect URL sent to the Client
http://domain.com/ https://domain.com/
http://domain.com:8080/ https://domain.com/
https://domain.com/ https://domain.com/
https://domain.com:444/ https://domain.com:444/

SSL redirect and port rewrite are enabled. The virtual server is configured on port 444. See the following table:

Redirect URL from the Server Redirect URL sent to the Client
http://domain.com/ https://domain.com:444/
http://domain.com:8080/ https://domain.com:444/
https://domain.com/ https://domain.com/
https://domain.com:445/ https://domain.com:445/

Scenario 3: The virtual server and service are of type HTTP. Port rewrite must be enabled on the virtual server. Only the port of HTTP URLs is rewritten. HTTPS URLs from the server are sent as is to the client.

The virtual server is configured on port 80. See the following table:

Redirect URL from the Server Redirect URL sent to the Client
http://domain.com/ http://domain.com/
http://domain.com:8080/ http://domain.com/
https://domain.com/ https://domain.com/
https://domain.com:444/ https://domain.com:444/

The virtual server is configured on port 8080. See the following table:

Redirect URL from the Server Redirect URL sent to the Client
http://domain.com/ http://domain.com:8080/
http://domain.com:8080/ http://domain.com:8080/
https://domain.com/ https://domain.com/
https://domain.com:445/ https://domain.com:445/

Scenario 4: The virtual server and service are of type SSL. If port rewrite is enabled, only the port of HTTPS URLs is rewritten. HTTP URLs from the server are sent as is to the client.

SSL redirect is enabled on the virtual server. The virtual server can be configured on any port. See the following table:

Redirect URL from the Server Redirect URL sent to the Client
http://domain.com/ http://domain.com/
http://domain.com:8080/ http://domain.com:8080/
https://domain.com/ https://domain.com/
https://domain.com:444/ https://domain.com:444/

SSL redirect and port rewrite are enabled on the virtual server. The virtual server is configured on port 443. See the following table:

Redirect URL from the Server Redirect URL sent to the Client
http://domain.com/ http://domain.com/
http://domain.com:8080/ http://domain.com:8080/
https://domain.com/ https://domain.com/
https://domain.com:444/ https://domain.com/

SSL redirect and port rewrite are enabled on the virtual server. The virtual server is configured on port 444. See the following table:

Redirect URL from the Server Redirect URL sent to the Client
http://domain.com/ http://domain.com/
http://domain.com:8080/ http://domain.com:8080/
https://domain.com/ https://domain.com:444/
https://domain.com:445/ https://domain.com:444/

To configure HTTP redirection on a virtual server by using the CLI

At the command prompt, type:

set lb vserver <name> -redirectPortRewrite (ENABLED | DISABLED)
<!--NeedCopy-->

Example:

set lb vserver Vserver-LB-1 -redirectPortRewrite enabled
<!--NeedCopy-->

To configure HTTP redirection on a virtual server by using the GUI

  1. Navigate to Traffic Management > Load Balancing > Virtual Servers.
  2. Open the virtual server, and in the Advanced Settings pane, click Traffic Settings, and then select Rewrite.

To configure SSL Redirect on an SSL virtual server or service by using the CLI

At the command prompt, type:

set ssl vserver <vServerName> - sslRedirect (ENABLED | DISABLED)

set ssl service <serviceName> - sslRedirect (ENABLED | DISABLED)
<!--NeedCopy-->

Example:

set ssl vserver Vserver-SSL-1 -sslRedirect enabled

set ssl service service-SSL-1 -sslRedirect enabled
<!--NeedCopy-->

To configure SSL redirection and SSL port rewrite on an SSL virtual server or service by using the GUI

  1. Navigate to Traffic Management > Load Balancing > Virtual Servers, and open the virtual server.
  2. In Advanced Settings, click SSL Parameters, and select SSL Redirect.
Rewrite ports and protocols for HTTP redirection