How to Redirect to a Sorry Server

Scope

Sorry Server functionality only works with a secure Virtual Service, for example 443, when the traffic is offloaded. It will NOT work if the traffic is then re-encrypted.

This can cause issues in certain scenarios. For example, when load balancing a secure Virtual Service over port 443 in Azure, where you only have one IP address at your disposal, and when the back-end servers require the traffic to be re-encrypted. 

 

Solution

A potential workaround to this situation is to make use of the LoadMaster's redirect handling feature. Here we can configure a redirect using the same domain name, but set a destination port of, for example, port 9443. You will have another Virtual Service configured to listen on this port, where your Sorry Server will reside.

 

Configuration

Step 1.  Configure Redirect Handler

Navigate to the following path in the LoadMaster Web User Interface (WUI): Virtual Service > View/Modify > Modify VS > Advanced Properties > Not Available Redirection Handling. 

Error Code: 302 Found

Redirect URL: https://web.kemptest.com:9443

 

Step 2. Configure the Sorry Server Virtual Service

View/Modify Services > Add New

2.1 Enabled SSL Acceleration 

 

2.2 Navigate to Real Servers

View/Modify Services > Modify > Real Servers > Add New

Add Sorry Server IP address.

Set the destination port, for example port 80.

Set the Real Server Check Method to None.   

 

3. Test

To test, disable your Real Servers on your 443 production Virtual Service. You should then see a Redirect Symbol on your Virtual Service.

Make a test connection where you should now be redirected to your port 9443 Virtual Service that contains your Sorry Server.

Was this article helpful?

0 out of 0 found this helpful

Comments

Avatar
trenoir

Hello,
for the error Code 503, i can only specify an Error Message, not an URL
Why ?
Bests Regards

Avatar
Naseer Husein

Hi Thierry,

The purpose of a 503 error code it to display "Service Unavailable" message. If you'd like to do a redirect, you can use the 302 status code to achieve that. The status codes are defined by the IETF and Kemp is adhering to the IETF standards.