CSS:advanced-balance ssl - is url "/*" necessary?

Unanswered Question
Mar 26th, 2008

In some cisco.com configuration example I see url "/*" being called out as one element required to configure advanced-balance ssl (sticky ssl). But other resources do not have the url "/*". I have an example of each below. Is url "/*" just a default "any" that is really in the content rules by default? Or is the url "/*" really required to get the advanced-balanced ssl to function correctly. Any insight appreciated.

Example showing the url "/*" as needed:

http://www.cisco.com/warp/public/117/css_sticky_timeout.html

Example where url "/*" is not with the advanced-balance ssl:

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.10/configuration/ssl/guide/examples.html#wp1000076

content ssl-rule

vip address 192.168.5.5

protocol tcp

port 443

add service ssl_module1

add service ssl_module2

application ssl

advanced-balance ssl

active

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Diego Vargas Thu, 03/27/2008 - 08:57

Hi,

The command "url" is not needed on this configuration, there is indeed a mistake on the first example.

With this kind of content rule what you are doing is just load balancing SSL traffic, so the CSS is not able to look at layer 5 (since it is encrypted), therefore there is no way to parse the URL.

Second example is correct:

content ssl-rule

vip address 192.168.5.5

protocol tcp

port 443

add service ssl_module1

add service ssl_module2

application ssl

advanced-balance ssl

active

Hope it heps!!

Diego M

Actions

This Discussion