CSS11501 Simple SSL (HTTP to HTTPS) configuration

Unanswered Question
Apr 1st, 2008

Hi everyone

We've just started investigating moving SSL offload to our CSS11501. I've got the configuration working with a single (HTTP) server as per the example configuration at:


I'm unsure as to how to load balance to multiple HTTP servers though. Anyone have a simple config which will make this clear?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Gilles Dufour Tue, 04/01/2008 - 08:29

I'm glad the example I wrote was helpful to you.

To answer your question, what you need to do is send the decrypted traffic to another vip on the CSS.

So, you create a content rule for the cleartext traffic.

Assign a vip, a port, all the http servers.

Then in your ssl proxy-list, replace the destination server ip with the vip from your cleartext content rule.


osiristrading123 Tue, 04/01/2008 - 13:37

Thanks Gilles.

We have it working very well now, with one slight workaround:

The SSL-HTTP proxying worked fine. We have only one content rule for client facing, and for to where the ssl-proxy-list redirects. When we added another L4 rule to redirect port 80 requests to port 443, we ended up with a loop.

To resolve this issue we changed the HTTP port on the webservers to 81, and used this port in the ssl-proxy-list.

I assume if we had two separate content rules (one for client facing, and one for the ssl-proxy-list to forward to), we would not have had this issue?


This Discussion