proceed only https and prevent any http on CSS

Sep 18th, 2007

I have the following config:

****************************
service SSL-EtradeTest
  type ssl-accel
  slot 2
  keepalive type none
  add ssl-proxy-list SSL_Proxy
  compress enable
  active

service WEB1
  ip address 172.20.2.21
  compress enable
  slot 2
  active

service WEB2
  ip address 172.20.2.22
  compress enable
  slot 2
  active

!*************************** OWNER ***************************
owner WEB
  content SSL-Content
    vip address 172.20.2.30
    add service SSL-EtradeTest
    protocol tcp
    port 443
    active

  content WEB1-Content-HTTP1
    vip address 172.20.2.30
    add service WEB1
    url "/HEN/pushlet/"
    protocol tcp
    port 9080
    active

  content WEB2-Content-HTTP1
    vip address 172.20.2.30
    add service WEB2
    protocol tcp
    port 80
    url "/Trading/*"
    active

!*************************** GROUP ***************************
group WEB
  vip address 172.20.2.30
  add destination service WEB1
  add destination service WEB2
  active

The CSS should not process HTTP requests sent to it. It should process only HTTPS requests.

Any idea please.....

Regards,

Hasan

Gilles Dufour Tue, 09/18/2007 - 23:10

Hasan,

You can create a content rule for port 80 (HTTP) and use a redirect to send the traffic to HTTPS.

But you have to send your decrypted traffic to a different content rule, i.e. port 81.

However, if a user does a port scan and finds port 81, they can bypass your HTTPS rule and directly access the port 81 content rule.

So in the end you will still need the ACL.

Gilles.
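
As an added example (not part of the thread and not Cisco tooling), this Python script parses the content rules of a CSS-style running-config and lists those that serve content on a non-TLS port without a redirect, and reports whether any ACL stanza is present. It assumes a redirect shows up as a `redirect` line inside the content stanza and an ACL as a top-level `acl <number>` line; the sample is constructed from the content rules in the question.

```python
import re

# Constructed sample: the question's content rules, reduced to the lines read here.
SAMPLE = """
owner WEB
  content SSL-Content
    vip address 172.20.2.30
    port 443
  content WEB1-Content-HTTP1
    vip address 172.20.2.30
    port 9080
  content WEB2-Content-HTTP1
    vip address 172.20.2.30
    port 80
"""

def parse_content_rules(config):
    """Return one dict per 'content' stanza: name, vip, port, redirect flag."""
    rules, cur = [], None
    for line in config.splitlines():
        words = line.split()
        if not words or words[0].startswith("!"):
            continue  # blank line or comment/separator
        if words[0] == "content" and len(words) > 1:
            cur = {"name": words[1], "vip": None, "port": None, "redirect": False}
            rules.append(cur)
        elif words[0] in ("owner", "service", "group", "acl"):
            cur = None  # a new top-level stanza ends the content rule
        elif cur is not None:
            if words[:2] == ["vip", "address"] and len(words) > 2:
                cur["vip"] = words[2]
            elif words[0] == "port" and len(words) > 1 and words[1].isdigit():
                cur["port"] = int(words[1])
            elif words[0] == "redirect":  # assumption: redirect rules carry this line
                cur["redirect"] = True
    return rules

def audit(config, tls_ports=(443,)):
    """Return (exposed, has_acl); exposed lists (rule, vip, port) reachable in clear text."""
    # Assumption: an ACL appears as a top-level "acl <number>" stanza.
    has_acl = any(re.match(r"\s*acl\s+\d+", l) for l in config.splitlines())
    exposed = [(r["name"], r["vip"], r["port"])
               for r in parse_content_rules(config)
               if r["port"] not in tls_ports and not r["redirect"]]
    return exposed, has_acl
```

Run against a config that adds the port 80 redirect and a port 81 rule for decrypted traffic, the port 81 rule is still reported as exposed, which is the case the ACL has to cover.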
