
How to redirect HTTP request to HTTPS using responder

This article explains how to configure the responder feature with load balancing virtual server IP addresses to redirect client requests from HTTP to HTTPS.

Consider a scenario in which a user attempts to access a secure website by sending an HTTP request. Instead of dropping the request, you might want to redirect it to the secure website. You can use the responder feature to redirect the request to the secure website without changing the path and the URL query that the user attempts to access.

How Citrix ADC responder redirects a request from HTTP to HTTPS

The following illustration shows a step by step flow of how the appliance redirects a request.

Responder redirecting a request

Note: The navigation paths and screen shots are derived from NetScaler 11.0.

To configure the Responder feature along with the Load Balancing VIP addresses of a NetScaler appliance to redirect client requests from HTTP to HTTPS, complete the following procedure.

  1. Enable the responder feature on the appliance. Navigate to System > Settings > Configure Advanced Features > Responder.

    Enabling Responder

  2. Create a responder action and specify an appropriate name, such as http_to_https_actn, in the Name field.
  3. To create a responder action, in the navigation pane, expand AppExpert > Responder, click Actions, and then click Add.
  4. Select Redirect as Type.
  5. In the Expression field, type the following expression:

    "https://" + HTTP.REQ.HOSTNAME.HTTP_URL_SAFE + HTTP.REQ.URL.PATH_AND_QUERY.HTTP_URL_SAFE

  6. In NetScaler version 9.0 and 10.0, ensure that the Bypass Safety Check option is cleared.

    Note: This option is not present from NetScaler 11.0 onwards.

  7. Create a Responder Policy and specify an appropriate name, such as http_to_https_pol, in the Name field.
  8. To create a Responder Policy, in the navigation pane, expand AppExpert > Responder, click Policies, and then click Add.
  9. From the Action list, select the action name that you have created.
  10. From the Undefined Action list, select RESET.
  11. Type the HTTP.REQ.IS_VALID expression in the Expression field as shown in the following screen shot.

Create Responder policy

  1. Create a monitor for which the status is always marked as UP and specify an appropriate name, such as localhost_ping, in the Name field.
  2. To create a monitor, in the navigation pane, expand Load Balancing, click Monitors, and then click Add.
  3. In the Destination IP field, specify the 127.0.0.1 IP address, as shown in the following screen shot.

    Configure monitor

  4. Create a service and specify an appropriate name, such as Always_UP_service, in the Name field.
  5. To create a service, in the navigation pane, expand Load Balancing, click Services, and then click Add.
  6. Specify a non-existent IP address in the Server field.

    Configure monitor

  7. Specify 80 in the Port field.
  8. Add the created monitor from the Available Monitors list.
  9. Create a Load Balancing Virtual Server and specify an appropriate name in the Name field.
  10. To create a Load Balancing Virtual Server, in the navigation pane, expand Load Balancing, click Services, and then click Add.
  11. Specify the IP address of the web site in IP Address field.
  12. Select HTTP from the Protocol list.
  13. Type 80 in the Port field.
  14. On NetScaler version 9.0 and 10.0, select the Active option for the service you have created in the Services tab as shown in the following screen shot. This option is deprecated in NetScaler version 11.0.

    Select Action option

  15. Click the Policies tab.
  16. Bind the Responder policy you created to the HTTP Load Balancing VIP address of the web site.
  17. Create a secure Load Balancing virtual server that has the IP address of the web site and port as 443.

To create a configuration similar to the preceding procedure from the command line interface of the appliance, run the following commands:

    enable ns feature responder
    add responder action http_to_https_actn redirect "\"https://\" + http.req.hostname.HTTP_URL_SAFE + http.REQ.URL.PATH_AND_QUERY.HTTP_URL_SAFE"
    add responder policy http_to_https_pol HTTP.REQ.IS_VALID http_to_https_actn RESET
    add lb monitor localhost_ping PING -LRTM ENABLED -destIP 127.0.0.1
    add service Always_UP_service 1.2.3.4 HTTP 80 -gslb NONE -maxClient 0 -maxReq 0 -cip ENABLED dummy -usip NO -sp OFF -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES
    bind lb monitor localhost_ping Always_UP_service
    add lb vserver http_site.com HTTP 10.217.96.238 80 -persistenceType COOKIEINSERT -timeout 0 -cltTimeout 180
    bind lb vserver http_site.com Always_UP_service
    bind lb vserver http_site.com -policyName http_to_https_pol -priority 1 -gotoPriorityExpression END

Notes:

  • The status of the port 80 Load Balancing Redirect virtual server must be UP for the redirect to work.
  • Web browsers might not redirect correctly if the HTTPS virtual server is not active.
  • This redirect setup allows for situations where multiple domains are bound to the same IP address.
  • If the client sends an invalid HTTP request to the redirect virtual server, then the appliance sends a RESET message code.
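
One way to verify the finished configuration, as an added example that is not part of the original article or Citrix's own tooling: the Python below parses a response captured from the port 80 virtual server and checks that the Location header uses https, keeps the requested host, and preserves the path and query. The host name www.example.com, the sample responses and the function names are constructed for illustration; percent-encoding is normalized before comparison because HTTP_URL_SAFE may encode characters.

```python
from urllib.parse import urlsplit, unquote

REDIRECT_CODES = {301, 302, 303, 307, 308}

def parse_response(raw: bytes):
    """Return (status_code, headers) from the head of a raw HTTP response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def check_redirect(host: str, target: str, raw: bytes) -> list:
    """List what is wrong with the redirect; an empty list means it is correct."""
    status, headers = parse_response(raw)
    problems = []
    if status not in REDIRECT_CODES:
        problems.append(f"status {status} is not a redirect")
    location = headers.get("location")
    if not location:
        return problems + ["no Location header"]
    url = urlsplit(location)
    path, _, query = target.partition("?")
    if url.scheme != "https":
        problems.append(f"scheme is {url.scheme!r}, expected 'https'")
    if url.hostname != host.split(":")[0].lower():
        problems.append(f"host changed to {url.hostname!r}")
    if url.port not in (None, 443):  # the article puts the secure vserver on 443
        problems.append(f"unexpected port {url.port}")
    if unquote(url.path) != unquote(path):
        problems.append("path not preserved")
    if unquote(url.query) != unquote(query):
        problems.append("query not preserved")
    return problems

# Constructed sample responses (not captured from a real appliance).
GOOD = (b"HTTP/1.1 302 Object Moved\r\n"
        b"Location: https://www.example.com/app/login?next=%2Fhome&id=7\r\n"
        b"Content-Length: 0\r\n\r\n")
BAD = b"HTTP/1.1 302 Found\r\nLocation: http://www.example.com/\r\n\r\n"

if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(check_redirect("www.example.com", "/app/login?next=%2Fhome&id=7", sample))
```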