HTTPS port re-direction Question

Unanswered Question
Aug 1st, 2007

We're currently running a pair of web servers behind a CSS, on the web servers we're running multiple environments which we're differentiating between through port No's.

One thing we'd like to be able to accomplish is to decrypt incoming traffic on port 443 and redirect this to another port No, eg 9443. Is this something I'm able to achieve on the CSS?

I'm thinking I'd have a content rule to terminate the 443 connection which would include a redirect statement, then a rule to allow the connection in on 9443. In the scenario, security isn't really the main issue (it will be internal connectivity) it's more to allow us to test the functionality and allow us to segregate the traffic.

TIA Dan

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Gilles Dufour Wed, 08/01/2007 - 04:40

Dan,

you can have the css listen on port 443 and the server listening on port 9443.

Simply specify which port to use under the service definition.

There is no need for the CSS to decrypt the traffic or send a redirect for this to work.

ie:

service HTTPS1

ip x.x.x.x

port 9443

active

owner mycompany

content ssl

vip x.x.x.x

add service HTTPS1

port 9443

proto tcp

active

Gilles.

Daniel Anderson Thu, 08/09/2007 - 01:38

Thanks for the reply.

Would this also be the same for http re-direction. For example, I'd like to initiate a connection to a URL, but the servers behind the content rule would only accept connections on port 9080 (different environments). Would the following config function:

service HTTP1

ip x.x.x.x

port 80

active

owner mycompany

vip x.x.x.x

add service HTTP1

port 9080

proto tcp

active

Gilles Dufour Thu, 08/09/2007 - 12:17

if the server behing is listening on port 9080, that's the port you need to configure on the service.

The client will have to use the port in the content rule.

The css will translate from the port in the content to the port in the service.

Gilles.

Actions

This Discussion