Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
669
Views
0
Helpful
3
Replies

HTTPS to Multiple HTTP service and ports

naslamenace
Level 1
Level 1

‎10-16-2007 05:16 AM

Hello Guys,

I am trying to set up a config in a one armed design with client connecting via https that should be redirected to differents http servers (some are port 80 others 8080 and 9000) and depending on the end of the HTTPS url I have to rewrite the end of the url to connect to the right application on the server.

example i use

https://mydomain.extranet.prod/reporting and this should be transformed in http://sdourep01.rep.fr:8080/

But at the same time if the client use this https url:https://mydomain.extranet.prod/ged/appli1 it should be rerouted to others servers using port 9000.

Can someone help on how with a same VIP and a same certificate i can balance the traffic to the right servers changing the ports and rewriting the url.

Here is a sample of my config so far.

Thanks

Labels:
Preview file
4 KB
0 Helpful
3 Replies 3

Gilles Dufour
Cisco Employee
Cisco Employee

‎10-16-2007 11:31 PM

if all you need is change the port, than can easily be done.

Create a rule to handle the SSL traffic. A single rule for all your url is ok.

Send the cleartext traffic to an ip port ie: x.x.x.x:81

Then create multiple rules for x.x.x.x:81 with different url match statement.

ie:

content reporting

virt x.x.x.x

proto tcp

port 81

add service Server1_8080

url "/reporing*"

active

Content Appli1

virt x.x.x.x

proto tcp

port 81

add service Server1_9000

url "/ged/appli1*"

active

However, if you need the url to be changed as well as the port, then you will need to configure a redirect. Then catch the redirect with a new SSL rule and forward it to the specific server.

Hope this helps.

If you need more info, let me know.

Gilles.

0 Helpful

naslamenace
Level 1
Level 1
In response to Gilles Dufour

‎10-17-2007 02:13 AM

Hi Gilles,

Thanks for the feedback, can you just let me know how you send the clear text traffic to a vip and the port 81, can i do that in the ssl-proxy-list by changing ssl-server 100 cipher rsa-with-rc4-128-md5 172.17.64.130 80 to ssl-server 100 cipher rsa-with-rc4-128-md5 172.17.64.130 81 ?

for the redirection can you explain a bit more or send a sample of conf.

Because i need to change the url and the port like following:

https://xxxx.extranet.pro/workflow to http://172.17.64.140:8080/appli_mail

Any advice is welcome.

thanks for the response

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee
In response to naslamenace

‎10-17-2007 02:58 AM

you indeed change the ssl proxy-list the way you showed.

All the redirect examples are @

http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a00801de8d6.shtml

You need to use the solution that allows you to set the HTTPS at the beginning of the url.

The easiest for the redirect would be the first option with the redirect command inside content rule

ie:

redirect "https://www.cisco.com/tac/"

0 Helpful
Customers Also Viewed These Support Documents