CSS11506 - Reverse Proxy - Inbound URL blocking

Unanswered Question

We are currently running an older Netapp proxy and are in the process of migrating our inbound web connections to our Cisco 11506 appliance. All is running fine except we have one application that we are filtering a few URL strings on the Netapp and I am unable to find out how to do this on the CSS..

Here is an example of what we are filtering on the Netapp

deny url contains "/API/"

deny url contains "/DBA/"

deny url contains "/DBViewer/"

deny url contains "/SDK/"

deny url contains "/Tools/"

deny url contains "/_mem_bin/"

deny url contains "/_vti_bin/"

deny url contains "/cmd.exe"

deny url contains "/msadc/"

Any ideas if this is possible on the CSS ??

Currently on the CSS we terminate inbound SSL connections with a backend port 80 connection to the web server.

Any help would be appreciated.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Syed Iftekhar Ahmed Thu, 11/13/2008 - 12:43
User Badges:
  • Blue, 1500 points or more

You are right CSS will match the URLs defined in the URQL and will balance only these urls.

Syed Iftekhar Ahmed

Thanks, this might be a dumb question but here it goes :)

I can get the URQL to work for all extensions of the main page, but not the main page itself.

In the URQL it wants the following

url 20 url "/xxxxx" which allows me to define what extension of the main page.

How do I write that statement to allow

www.test.com only ? It gives me invalid URL if I follow the format above..

To shed a bit more light, I was using a URL statement before to speficy the following

url "//www.test.ca/*"

But this also allowed all sub pages to be accessible. Is there a way with the URL statement to only allow the main page only ??

Thanks again for the help.




This Discussion