Users are lazy 😉 and prefer to not enter https:// in front of the FQDN. They think that should happen automatically.
Using a Netscaler, everything is possible. I’ve been working with a colleague from Citrix “Magnus Esse” and he came up with an alternativ solution for configuring HTTP-HTTPS-REDIRECTION.
This is what we need to configure to make this working:
1. Responder Action
2. Responder Policy
3. Load balancing Server
4. Load balancing Service
5. Load Balancing vServer
So Lets Start:
1. Create a Responder action by giving it a name (http-https-act), Type: “Redirect”, target expression: “https:/”+HTTP.REQ.HOSTNAME+”/” and make sure you tick the Bypass Safety Check
This action will just snap up the FQDN the lazy user enters in the broiwser URL field and just put a https:// in front of it and send it back to the client as a temporary redirect with response type 302 or you could even configure a permanent redirect (301 response)
2. Create a Responder policy by giving it a name (http-https-pol), bind it to the action you just created (http-https-act) and use the expression true to make it hit on all entered FQDNs or just configure a specific FQDN for the redirection by using the following expression HTTP.REQ.HOSTNAME.STARTWITH(“FQDN”)
3. Let’s move over to the (Load Balancing – Servers node) and create a fake server using an IP in the APIPA adress space 169.254.0.1 – 169.254.0.254 if you are planning implementing this alternativ solution in a production envirenmont.
Add a new server, give it a name (Fake-HTTP-HTTPS-Server) and chose an IP from the range.
4. Now, move up a little bit and create a Fake service (Fake-HTTP-HTTPS-Service) in the services node using the HTTP protocol, port 80, and use the fake server you created in previous step.
5. At last, It is time to create a Load balancing Virtual Server by giving it a name (LBvServer-HTTP-HTTPS) with HTTP protocol, port 80 and allocate an IP for it. Hit the Services tab and link the (Fake-HTTP-HTTPS-Service) you created in previous step, then hit Policies tab, Responder and link the Responder policy (http-https-pol) to it.
By now, The load balancing server will redirect all your lazy users to the AGEE on port 443 with a 301 response.
Attention: You can configure this using the content switching feature as well, but you’ll need a more expensive license for it.