Login
- Table of Contents
-
- 05-Network Connectivity Configuration Guide
- 00-Preface
- 01-About the network connectivity configuration guide
- 02-MAC address table configuration
- 03-Ethernet link aggregation configuration
- 04-Port isolation configuration
- 05-VLAN configuration
- 06-Loop detection configuration
- 07-Spanning tree configuration
- 08-LLDP configuration
- 09-Layer 2 forwarding configuration
- 10-L2TP configuration
- 11-ARP configuration
- 12-IP addressing configuration
- 13-DHCP configuration
- 14-DHCP snooping configuration
- 15-DHCPv6 configuration
- 16-DHCPv6 snooping configuration
- 17-DNS configuration
- 18-HTTP configuration
- 19-HTTP redirect configuration
- 20-IP forwarding basics configuration
- 21-Fast forwarding configuration
- 22-Adjacency table configuration
- 23-IP performance optimization configuration
- 24-IPv6 basics configuration
- 25-IPv6 neighbor discovery configuration
- 26-IPv6 fast forwarding configuration
- 27-IPv6 transition technologies configuration
- 28-NAT configuration
- 29-GRE configuration
- 30-Basic IP routing configuration
- 31-Static routing configuration
- 32-OSPF configuration
- 33-Policy-based routing configuration
- 34-IPv6 static routing configuration
- 35-IPv6 policy-based routing configuration
- 36-Multicast overview
- 37-IGMP snooping configuration
- 38-MLD snooping configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 19-HTTP redirect configuration | 65.31 KB |
HTTP redirect tasks at a glance
Configuring HTTPS-based redirect
Associating an SSL server policy with the HTTPS redirect service
Setting the HTTPS redirect rate limit
Verifying and maintaining HTTP redirect
Configuring HTTP redirect
About HTTP redirect
HTTP redirect is a method to redirect users' HTTP or HTTPS requests to a specific URL. It is used in the following features:
· Redirect URL assignment in 802.1X authentication, MAC authentication, and port security.
· EAD assistant URL redirection in 802.1X authentication.
· URL redirection services in portal.
HTTP redirect tasks at a glance
To configure HTTP redirect, perform the following tasks:
1. (Optional.) Configuring HTTPS-based redirect
2. (Optional.) Associating an SSL server policy with the HTTPS redirect service
3. (Optional.) Setting the HTTPS redirect rate limit
Configuring HTTPS-based redirect
About this task
By default, when the device uses HTTPS-based redirect. The endpoint often display a security warning for the redirect page. In environments that are trusted or have low security requirements, you can disable HTTPS-based redirect to avoid such warnings.
After you disable this feature, HTTPS-based redirect for portal authentication, MAC address authentication, and 802.1X authentication will become inactive and HTTP-based redirect will be used.
Restrictions and guidelines
To avoid security risks in environments that are not trusted or have high security requirements, disable HTTPS-based redirect as a best practice.
Procedure
1. Enter system view.
system-view
2. Disable HTTPS-based redirect.
undo http-redirect https enable
By default, HTTPS-based redirect is enabled.
Associating an SSL server policy with the HTTPS redirect service
About associating an SSL server policy with the HTTPS redirect service
An SSL server policy is a set of SSL parameters used by the device when the device acts as the SSL server. You can configure parameters such as supported cipher suites and whether to perform digital certificate-based authentication on SSL clients for the SSL server policy.
You can use one of the following local certificates for HTTPS redirect service according to the security requirements and the configuration complexity:
· Self-signed certificate—Using this type of certificate is simple in configuration but has low security. You do not need to associate an SSL server policy with the HTTPS redirect service and the default SSL parameters are used. However, a self-signed certificate is not trusted by the browser. When the device redirects HTTPS requests to the specified URL, a certificate security warning prompt might appear on the browser. If you accept the security risks stated in the prompt, you can ignore the prompt to browse the page.
· CA-signed certificate—Using this type of certificate is complex in configuration but has high security. You must obtain a CA certificate, request a local certificate from the CA, create an SSL server policy, and associate the SSL server policy with the HTTPS redirect service.
For more information about digital certificates, see PKI in Security Configuration Guide. For more information about the SSL server policy configuration, see SSL in Security Configuration Guide.
Restrictions and guidelines
HTTPS redirect is unavailable if the associated SSL server policy does not exist. You can first associate a nonexistent SSL server policy with the HTTPS redirect service and then configure the SSL server policy.
If you change the SSL server policy associated with the HTTPS redirect service, the new policy takes effect immediately.
If you perform this task multiple times, the most recent configuration takes effect.
Procedure
1. Enter system view.
system-view
2. Associate an SSL server policy with the HTTPS redirect service.
http-redirect ssl-server-policy policy-name
By default, no SSL server policy is associated with the HTTPS redirect service. The HTTPS redirect service uses the self-assigned certificate and the default SSL parameters.
Setting the HTTPS redirect rate limit
About this task
Redirecting a large number of HTTPS requests will overwhelm the CPU and affect other services on the device. To resolve this issue, you can limit the rate of HTTPS redirect packets sent to the CPU. When the rate of the HTTP redirect packets exceeds the limit, the device drops the exceeding HTTPS redirect packets.
Restrictions and guidelines
Setting this limit affects the performances of services that need to redirect HTTPS requests, for example, the user online rate of the authentication service. Set a proper HTTPS redirect rate limit according to the network condition.
Procedure
1. Enter system view.
system-view
2. Set the HTTPS redirect rate limit.
http-redirect https-rate-limit pps
By default, the HTTPS redirect rate limit is 100 pps.
Verifying and maintaining HTTP redirect
To display packet statistics for HTTP redirect, execute the following command in any view:
display http-redirect statistics [ slot slot-number ]
To clear packet statistics for HTTP redirect, execute the following command in user view:
reset http-redirect statistics [ slot slot-number ]
