CSS11506 Help SSL config

Unanswered Question

Well, I was able to get the 11506 to proxy to different webservers based on URL statements. Now I am testing SSL reverse proxy. I have the SSL module installed. So I have one web server on port 80 behind the CSS. https://www.test.com resolves to the VIP of the CSS. I have created a self signed cert for test purposes. So it seems to be working about 80 percent as I get the prompt for the certificate and get to the login screen of the webserver, however as soon as I login, it puts me back to an HTTP url, so it works but it is no longer encrypted. If I take the http content rule out then I cant seem to get past the web server login prompt. I am a little confused as to whether or not I need the HTTP rule in addition to the SSL rules.

Here is the config

ssl associate rsakey myrsakey1 CSSrsakey1

ssl associate cert myrsacert1 CSScertfile1

ip route 0.0.0.0 0.0.0.0 192.168.20.1 1

!************************** CIRCUIT **************************

circuit VLAN1

ip address 192.168.20.20 255.255.255.0

!*********************** SSL PROXY LIST ***********************

ssl-proxy-list ssl-list

ssl-server 90

ssl-server 90 vip address 192.168.20.100

ssl-server 90 cipher rsa-with-des-cbc-sha 192.168.20.50 80

ssl-server 90 cipher rsa-with-3des-ede-cbc-sha 192.168.20.50 80

ssl-server 90 cipher rsa-with-rc4-128-sha 192.168.20.50 80

ssl-server 90 cipher rsa-with-rc4-128-md5 192.168.20.50 80

ssl-server 90 rsacert myrsacert1

ssl-server 90 rsakey myrsakey1

active

!************************** SERVICE **************************

service SSLWWW

type ssl-accel

slot 6

keepalive type none

add ssl-proxy-list ssl-list

active

service rprox1

ip address 192.168.20.50

protocol tcp

port 80

active

service rprox2

ip address 192.168.20.60

protocol tcp

port 80

!*************************** OWNER ***************************

owner CMPA

content HTTP_rule

add service rprox1

url "//www.test.com/*"

protocol tcp

port 80

vip address 192.168.20.100

active

content ssl

vip address 192.168.20.100

application ssl

add service SSLWWW

protocol tcp

port 443

active

owner clee

content redirect_rule_2

add service rprox2

vip address 192.168.20.100

url "//www.test1.com/*"

protocol tcp

port 80

CSS11506#

Any help is appreciated

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
diro Thu, 05/10/2007 - 09:16

probably your getting an http redirect after login. To be sure this is the case you should sniff out the traffic. if this is the case then you should enable url rewrite.

Actions

This Discussion