03-26-2008 08:11 PM
In some cisco.com configuration examples I see url "/*" being called out as one element required to configure advanced-balance ssl (sticky ssl). But other resources do not have the url "/*". I have an example of each below. Is url "/*" just a default "any" that is really in the content rules by default? Or is the url "/*" really required to get the advanced-balance ssl to function correctly? Any insight appreciated.
Example showing the url "/*" as needed:
http://www.cisco.com/warp/public/117/css_sticky_timeout.html
Example where url "/*" is not with the advanced-balance ssl:
content ssl-rule
  vip address 192.168.5.5
  protocol tcp
  port 443
  add service ssl_module1
  add service ssl_module2
  application ssl
  advanced-balance ssl
  active
03-27-2008 08:57 AM
Hi,
The command "url" is not needed in this configuration; there is indeed a mistake in the first example.
With this kind of content rule what you are doing is just load balancing SSL traffic, so the CSS is not able to look at layer 5 (since it is encrypted), therefore there is no way to parse the URL.
Second example is correct:
content ssl-rule
  vip address 192.168.5.5
  protocol tcp
  port 443
  add service ssl_module1
  add service ssl_module2
  application ssl
  advanced-balance ssl
  active
Hope it helps!!
Diego M
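Added example (not part of the original posts and not Cisco code): a Python sketch of what a device in front of port 443 can read without the keys, namely the cleartext session ID in a ClientHello but never a URL. It assumes stickiness keyed on the SSL session ID; `sticky_service` and its hash-based choice are hypothetical, and the records are constructed samples.

```python
import struct
import zlib

HANDSHAKE, APPLICATION_DATA, CLIENT_HELLO = 0x16, 0x17, 0x01

def inspect_record(record: bytes) -> dict:
    """Return what an L4 device can read from one SSL/TLS record without keys."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, version, length = struct.unpack("!BHH", record[:5])
    body = record[5:5 + length]
    if len(body) != length:
        raise ValueError("truncated record body")
    seen = {"content_type": ctype, "session_id": None, "url": None}
    if ctype != HANDSHAKE or len(body) < 4 or body[0] != CLIENT_HELLO:
        return seen  # application data is ciphertext: no URL to match on
    hello = body[4:]  # skip handshake type (1 byte) and length (3 bytes)
    # client_version (2) + random (32), then a length-prefixed session_id
    if len(hello) < 35:
        raise ValueError("truncated ClientHello")
    sid_len = hello[34]
    sid = hello[35:35 + sid_len]
    if sid_len > 32 or len(sid) != sid_len:
        raise ValueError("bad session_id length")
    seen["session_id"] = sid
    return seen

def sticky_service(session_id: bytes, services: list) -> str:
    """Hypothetical sticky choice: the same session ID maps to the same service."""
    return services[zlib.crc32(session_id) % len(services)]

def build_client_hello(session_id: bytes) -> bytes:
    """Constructed sample: a minimal SSLv3 ClientHello record."""
    hello = b"\x03\x00" + bytes(32) + bytes([len(session_id)]) + session_id
    hello += b"\x00\x02\x00\x0a" + b"\x01\x00"  # one cipher suite, null compression
    hs = bytes([CLIENT_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", HANDSHAKE, 0x0300, len(hs)) + hs

SERVICES = ["ssl_module1", "ssl_module2"]  # service names from the content rule
SAMPLE_SID = bytes(range(32))              # constructed session ID
HELLO = build_client_hello(SAMPLE_SID)
# Constructed stand-in for an encrypted HTTP request (16 opaque bytes)
ENCRYPTED = struct.pack("!BHH", APPLICATION_DATA, 0x0300, 16) + bytes(range(100, 116))

if __name__ == "__main__":
    info = inspect_record(HELLO)
    print(info["session_id"].hex(), sticky_service(info["session_id"], SERVICES))
    print(inspect_record(ENCRYPTED))
```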
03-27-2008 09:01 AM
That makes total sense. Thanks!