01-03-2008 04:26 PM
Hello All,
I'm a little confused, and I'm not getting there.
I had this config scheme, and it works fine:
All SSL traffic is ended in the SSL module, which gives it back to the content as port 80.
It matches the content HTTP-Aplj, and sends traffic to service esl0011-7777.
It works fine, with http and https.
Then I tried the following many times, unsuccessfully:
I want HTTP traffic to go just as in the current config, ending on the backend servers on port 7777, but I want the HTTPS traffic to be redirected to 4443.
I have made some attempts on several parts of the config, adding new services for port 4443, an ssl-proxy-list, and a new content.
I even got this message when I was trying to activate the content SSL.Aplj:
%% Not all content VIP:Port combinations are configured in a ssl-proxy-list for sslAccel type of services
Please give me some ideas to achieve this goal.
The following config is the basic config for the 1st step. The working one.
Best Regards,
Bruno Petrónio
************** SSL-Proxy-List **************
ssl-server 90 vip address 10.1.2.136
ssl-server 90 urlrewrite 1 https:\\10.1.2.136
ssl-server 90 rsacert xxxxcert
ssl-server 90 rsakey xxxxkey
ssl-server 90 cipher rsa-export-with-rc4-40-md5 10.1.2.136 80
************** SERVICE **************
service MODSSL
  slot 2
  type ssl-accel
  keepalive type none
  add ssl-proxy-list ssl1
  active

service esl0011-7777
  ip address 10.1.1.120
  port 7777
  keepalive type http
  keepalive port 7777
  keepalive uri "/"
  active
************** OWNER **************
owner Test
  content HTTP-Aplj
    vip address 10.1.2.136
    port 80
    protocol tcp
    add service esl0011-7777
    redundancy-l4-stateless
    active

  content SSL-Aplj
    vip address 10.1.2.136
    add service MODSSL
    application ssl
    advanced-balance ssl
    protocol tcp
    port 443
    url "/*"
    redundancy-l4-stateless
    active
01-04-2008 02:10 AM
Try the following:
ssl-server 90 vip address 10.1.2.136
ssl-server 90 urlrewrite 1 10.1.2.136
ssl-server 90 rsacert xxxxcert
ssl-server 90 rsakey xxxxkey
ssl-server 90 cipher rsa-export-with-rc4-40-md5 10.1.2.136 4443
service esl0011-4443
  ip address 10.1.1.120
  port 4443
  keepalive type http
  keepalive uri "/"
  active

content HTTP-4443
  vip address 10.1.2.136
  port 4443
  protocol tcp
  add service esl0011-4443
  active
BTW, I also corrected your urlrewrite command as it was incorrect. You need to specify the host. So no http or https in front.
Gilles.
01-04-2008 03:57 AM
Great,
I have to say I have tried this config before, and it was not working.
Guess what, the Oracle guys were changing things.
Many thanks Gilles,
I suppose it will work fine.
I'm just waiting for a clear time to test.
I'll give feedback later.
Best Regards,
Bruno Petrónio
01-07-2008 06:59 AM
Once again,
Thanks a lot for your help.
Just a note, I realise you corrected my urlrewrite ssl-server sentence. Thanks.
But I have all the SSL servers configured like the one I posted. If I change to the way you said, what should I expect? This is working fine as it is.
Best Regards,
Bruno Petrónio
01-07-2008 07:36 AM
Bruno,
Are you sure the redirect function works?
Are your servers sending HTTP 302 redirect messages?
Did you see if they were correctly rewritten from http to https? You may not see it if your browser does not inform you that you are switching to a non-secure page.
The urlredirect command normally takes a hostname (or IP address) and it works by scanning the redirect message to find a link that contains the string you have configured.
Nowhere in the message will you see what you have configured.
So, I would be surprised if it works.
Gilles.
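The check Gilles describes, as an added example that is not part of the thread and is not Cisco's code: a small Python model of a host-matching redirect rewrite, run against a constructed 302 response, showing why a configured string of `https:\\10.1.2.136` leaves the redirect on plain http. The function names, the sample response and the exact matching rule (comparison against the host part of the Location URL) are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: what a backend might send when it redirects to itself.
SAMPLE_302 = (
    "HTTP/1.1 302 Found\r\n"
    "Location: http://10.1.2.136/app/login\r\n"
    "Content-Length: 0\r\n\r\n"
)

def parse_redirect(raw):
    """Return (status, location) from a raw response head; location may be None."""
    lines = raw.split("\r\n\r\n", 1)[0].splitlines()
    status = int(lines[0].split()[1])
    location = None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            location = value.strip()
    return status, location

def rewrite_location(raw, configured, ssl_port=443):
    """Model of the rewrite: only a 3xx Location whose host equals the
    configured string is moved from http to https (assumed matching rule)."""
    status, location = parse_redirect(raw)
    if location is None or not 300 <= status < 400:
        return location
    url = urlsplit(location)
    # Relative or already-https locations are left alone.
    if url.scheme != "http" or url.hostname != configured.lower():
        return location
    netloc = url.hostname if ssl_port == 443 else f"{url.hostname}:{ssl_port}"
    return urlunsplit(("https", netloc, url.path, url.query, url.fragment))

def sends_client_to_cleartext(raw, configured):
    """True if, after the modelled rewrite, the client is still redirected to http://."""
    location = rewrite_location(raw, configured)
    return location is not None and location.lower().startswith("http://")

if __name__ == "__main__":
    for cfg in ("10.1.2.136", "https:\\\\10.1.2.136"):
        print(cfg, "->", rewrite_location(SAMPLE_302, cfg),
              "| cleartext:", sends_client_to_cleartext(SAMPLE_302, cfg))
```

On a live setup the same question is answered by capturing the response headers the client actually receives over the HTTPS VIP and checking the scheme of the Location value.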