CSS. loosing login/pass info due to redirection http -> https

Unanswered Question
Jun 14th, 2007


I have sort of a problem with CSS 11501 (ios

The desigh is:

client(http) -internet-> router -> checkpoint(nat) -> css -> backe-end server. CSS, checkpoind, back-end server are in the same subnet. CSS performs SSL termination.

I want to have automatic redirection from http to https, so when the remote client connects to CSS with http he's redirected to https. The client enter login/pass info but this info is lost after redirection and it's nesessary to enter login/pass again.

Note: If I connect to https directly I'm able to login without problems.

CSS config:

!************************** CIRCUIT **************************

circuit VLAN112

ip address

circuit VLAN114

ip address

!*********************** SSL PROXY LIST ***********************

ssl-proxy-list rrssl1

ssl-server 1

ssl-server 1 dhparam ...

ssl-server 1 rsacert ...

ssl-server 1 rsakey ...

ssl-server 1 cipher rsa-export1024-with-des-cbc-sha 80

ssl-server 1 vip address

!************************** SERVICE **************************

service secure-transfer

type redirect

no prepend-http

ip address

keepalive type none

domain "https://test1.abc.com"


service sslservice

type ssl-accel

add ssl-proxy-list rrssl1

slot 2

keepalive type none


!*************************** OWNER ***************************

owner test

content default-redirect

protocol tcp

port 80

url "/*"

vip address

add service secure-transfer


content ssl-rule

protocol tcp

port 443

add service sslservice

vip address


Tnx a lot in advance for any comments.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Gilles Dufour Thu, 06/14/2007 - 03:33

the CSS itself is not involved in the login process.

If you have to login in HTTP, it means the login is requested before you get to the CSS.

[the CSS would just forward a redirect and will not request any login and will not connect to the server].

So, the checkpoint firewall is probably doing the login.

You should check there for help.


kreshetnikov Thu, 06/14/2007 - 04:10

The back-end server performed authentication after redirection http -> https, the firewall does no authentication. The problem was solved , unfortunatly it was not an issue that could be resolved via the css. We had to resort to manually editing the html file.


This Discussion