Starting with release 11.1, NetScaler ADC offers an easy way to redirect traffic from HTTP to HTTPS within the configuration of a load-balanced vServer. With 11.1, Citrix introduced the paramter -redirectFromPort and -redirectURL.
While playing with a NetScaler ADC in my lab, I discovered a strange error message as I tried to configure the redirect.
Internal vserver couldn’t be set?! Okay, there was already a vServer, that was listening on port 80. After removing the vServer, I was able to setup the redirection and it was working as expected.
A hidden vServer
Later, I was really suprised to find a hidden vServer in the output of the “stat lb vserver” command.
> stat lb vserver lb_vsrv_https_httpredir_31 -fullValues Virtual Server Summary vsvrIP port Protocol lb_vsrv_https_httpredir_31 192.168.200.146 80 HTTP State lb_vsrv_https_httpredir_31 DOWN Health actSvcs lb_vsrv_https_httpredir_31 0 0 inactSvcs lb_vsrv_https_httpredir_31 0 Virtual Server Statistics Rate (/s) Total Vserver hits 0 0 Requests 0 0 Responses 0 0 Request bytes 108 1131 Response bytes 66 690 Total Packets rcvd 1 15 Total Packets sent 1 12 Current client connections -- 3 Current Client Est connections -- 0 Current server connections -- 0 Requests in surge queue -- 0 Requests in vserver's surgeQ -- 0 Requests in service's surgeQs -- 0 Spill Over Threshold -- 0 Spill Over Hits -- 0 Labeled Connection -- 0 Push Labeled Connection -- 0 Deferred Request 0 0 Invalid Request/Response -- 0 Invalid Request/Response Dropped -- 0 Vserver Down Backup Hits -- 3 Current Multipath TCP sessions -- 0 Current Multipath TCP subflows -- 0 Done
The name of the vServer is always the same (name of the vServer plus suffix _httpredir_##). Sometimes, the vServer has an other ending number after a reboot. There is no hint to this vServer in the config of the NetScaler. The behaviour is the same for NetScaler ADC 11.1 and 12.0.
I don’t think that this some kind of a hack or an issue. But I think that’s something you should know when working with HTTPS redirection, or for troubleshooting purposes.
- Escaping special characters in proxy auth passwords in vCenter - October 8, 2021
- On the road to… nowhere? - July 26, 2021
- Configure VMware Horizon View client device certificate authentication - March 11, 2021