Skip to content

HTTP Redirection

Introduction

About this Document

In this document, we explain how to configure the reverse proxy to automatically redirect HTTP traffic to HTTPS. When you add an SSL certificate to your website, the URL scheme used by visitors changes from HTTP to HTTPS. The S means that the connection is secure. After adding an SSL certificate, you can redirect all HTTP requests to the HTTPS version of your site. For example, if someone visits http://www.example.com/ they will automatically be redirected to https://www.example.com/

Configuration Overview

  • Create the HTTPS reverse proxy entry as explained in the reverse proxy manual (port 443).

  • Select the newly created entry and click on edit as new.

  • Add a new HTTP entry for the same application server (port 80). Don’t add certificates and make sure to disable secure connections.

  • Select the Security tab. Under Request Filtering find the Allowed Requests field.

  • Copy and paste the following text into the Allowed Requests field:

/(.*) https://www.example.com/$1 [R=301,L]

Replace www.example.com with your own FQDN.

Step-by-step Configuration Example

Creating the HTTPS Entry

  1. Log in to your AXS Guard appliance.

  2. Go to Reverse Proxy > HTTP(S) > Servers and click on add new.

  3. Enter the connection settings as shown in the example below.

    HTTPS Entry Connection Settings

  4. Configure the server certificate.

  5. Select the appropriate authentication types and save your configuration.

    HTTPS Entry Certificate Configuration

Creating the HTTP Redirect Entry

  1. Select the HTTPS entry that was previously created and click on edit as new.

  2. Update the configuration as shown in the example below (change the AXS Guard TCP port number to 80).

    HTTP Entry Connection Settings

  3. Disable secure connections.

  4. Copy and paste the following text into the Allowed Requests field:

    `/(.*) https://www.example.com/$1 [R=301,L`]

  5. Replace www.example.com with your own FQDN.

  6. Save your configuration.

    HTTP Entry Security Settings

Connection Overview

You should now see two entries for the same server:

Reverse Proxy Overview

Logging

In the rewrite logs of the HTTP entry, you should see similar entries:

[10.200.33.57/sid#55d0555bd0c8][rid#55d0555df7a0/initial] redirect to https://10.200.33.57/ [REDIRECT/301]
[Fri Jul 12 09:28:43.982254 2019] [rewrite:trace1] [pid 15009] mod_rewrite.c(483): [client 10.200.33.54:39469] 10.200.33.54 - - [10.200.33.57/sid#55d055530df0][rid#55d0555e2670/initial] escaping https://10.200.33.57/ for redirect
[Fri Jul 12 09:28:43.982301 2019] [rewrite:trace1] [pid 15009] mod_rewrite.c(483): [client 10.200.33.54:39469] 10.200.33.54 - - [10.200.33.57/sid#55d055530df0][rid#55d0555e2670/initial] redirect to https://10.200.33.57/ [REDIRECT/301]