Login
- Table of Contents
-
- 06-Layer 3 - IP Services Configuration Guide
- 00-Preface
- 01-ARP configuration
- 02-IP addressing configuration
- 03-DNS configuration
- 04-IP forwarding basics configuration
- 05-Fast forwarding configuration
- 06-Adjacency table configuration
- 07-IRDP configuration
- 08-IP performance optimization configuration
- 09-UDP helper configuration
- 10-IPv6 basics configuration
- 11-IPv6 fast forwarding configuration
- 12-Tunneling configuration
- 13-GRE configuration
- 14-HTTP redirect configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 14-HTTP redirect configuration | 46.15 KB |
HTTP redirect tasks at a glance
Specifying the HTTPS redirect listening port number
Associating an SSL server policy with the HTTPS redirect service
Setting the HTTPS redirect rate limit
Display and maintenance commands for HTTP redirect
Configuring HTTP redirect
About HTTP redirect
HTTP redirect is a method to redirect users' HTTP or HTTPS requests to a specific URL. It is used in the following features:
· Redirect URL assignment in 802.1X authentication and MAC authentication.
· EAD assistant URL redirection in 802.1X authentication.
· URL redirection services in portal.
HTTP redirect tasks at a glance
No configuration is required to redirect HTTP requests.
To redirect HTTPS requests, perform the following tasks:
1. Specifying the HTTPS redirect listening port number
2. (Optional.) Associating an SSL server policy with the HTTPS redirect service
3. (Optional.) Setting the HTTPS redirect rate limit
Specifying the HTTPS redirect listening port number
About the HTTPS redirect listening port number
The device can redirect HTTPS requests only after you specify the TCP port number on which the HTTPS redirect service listens for HTTPS requests.
Restrictions and guidelines
To avoid service unavailability caused by port conflict, do not specify a TCP port number used by a well-known protocol or used by any other TCP-based service. To display TCP port numbers that have been used by services, use the display tcp command. For more information about this command, see IP performance optimization commands in Layer 3—IP Services Command Reference.
If you perform this task multiple times, the most recent configuration takes effect.
Procedure
1. Enter system view.
system-view
2. Specify the HTTPS redirect listening port number.
http-redirect https-port port-number
By default, no HTTPS redirect listening port number is specified.
Associating an SSL server policy with the HTTPS redirect service
About associating an SSL server policy with the HTTPS redirect service
To improve the security of HTTPS redirect, you can associate an SSL server policy with the HTTPS redirect service. For more information about the SSL server policy configuration, see SSL in Security Configuration Guide.
Restrictions and guidelines
HTTPS redirect is unavailable if the associated SSL server policy does not exist. You can first associate a nonexistent SSL server policy with the HTTPS redirect service and then configure the SSL server policy.
If you change the SSL server policy associated with the HTTPS redirect service, the new policy takes effect immediately.
If you perform this task multiple times, the most recent configuration takes effect.
Procedure
1. Enter system view.
system-view
2. Associate an SSL server policy with the HTTPS redirect service.
http-redirect ssl-server-policy policy-name
By default, no SSL server policy is associated with the HTTPS redirect service. The HTTPS redirect service uses the self-assigned certificate and the default SSL parameters.
Setting the HTTPS redirect rate limit
About setting the HTTPS redirect rate limit
Redirecting a large number of HTTPS requests will overwhelm the CPU and affect other services on the device. To resolve this issue, you can limit the rate of HTTPS redirect packets sent to the CPU. When the rate of the HTTP redirect packets exceeds the limit, the device drops the exceeding HTTPS redirect packets.
Restrictions and guidelines
Setting this limit affects the performances of services that need to redirect HTTPS requests, for example, the user online rate of the authentication service. Set a proper HTTPS redirect rate limit according to the network condition.
Procedure
1. Enter system view.
system-view
2. Set the HTTPS redirect rate limit.
http-redirect https-rate-limit pps
By default, the rate of HTTPS requests is not limited.
Display and maintenance commands for HTTP redirect
Execute display commands in any view and reset commands in user view.
|
Task |
Command |
|
(In standalone mode.) Display packet statistics for HTTP redirect. |
display http-redirect statistics [ slot slot-number ] |
|
(In IRF mode.) Display packet statistics for HTTP redirect. |
display http-redirect statistics [ chassis chassis-number slot slot-number ] |
|
(In standalone mode.) Clear packet statistics for HTTP redirect. |
reset http-redirect statistics [ slot slot-number ] |
|
(In IRF mode.) Clear packet statistics for HTTP redirect. |
reset http-redirect statistics [ chassis chassis-number slot slot-number ] |
