CSS11506 - Some basic help needed

Unanswered Question

Alright, I have a CSS11506 in the lab and I am trying to configure it into a reverse proxy config. So I would like to have all inbound http requests hit the CSS and then have it redirect to our web server on correct DMZ. Having never setup a CSS before I need some help.

- Is my service type proxy-cache, type redirect or type transparent cache ?

I know this should be fairly easy to do with the 11506. Can you also provide some docs explaining the config walkthru.

Any help would be appreciated.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Syed Iftekhar Ahmed Wed, 05/09/2007 - 11:49
User Badges:
  • Blue, 1500 points or more

If requirement is simply to direct all http requests to an application's virtual IP (defined on CSS) to a group of web servers then you dont need to define any service type. The default "type local" will work for you.

transparent-cache/proxy-cache type services are needed when you are dealing with Cache engines instead of webservers.Redirect type service is used to redirect client's request to a diffrent host (using 302 messages).


Thanks, that explains a few things.

So assuming the following, DMZ web server ip is and VIP for CSS is, basically I would want to redirect all inbound http requests from to the using the following CSS config ?

service rprox1

ip address

protocol tcp

port 8080


owner clee

content redirect_rule

add service rprox1

vip address

protocol tcp

port 8080

url "/*"

Like I said, never configured one yet so this is my first attemtp.

Thanks again for the help



Syed Iftekhar Ahmed Wed, 05/09/2007 - 20:47
User Badges:
  • Blue, 1500 points or more

The above config will work if you are expecting the traffic on port 8080.

The only other thing you need to make sure is that the return traffic should not bypass CSS.

If your clients are coming from any other networks than 192.168.20.x, then you can ensure that by pointing the webserver's default gateway to the CSS circuit ip.

If you are also expecting clients from network 192.168.20.x network then you will need to source nat such traffic.



This Discussion