cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
629
Views
0
Helpful
3
Replies

ssl-proxy policy url-rewrite - case issue?

martin.foote
Level 1
Level 1

Hello

I have an issue with URL rewrite on the Cisco SSL modules, we are hoping to get ACE modules very soon given the SSL modules are being killed off.

Quite simply the guy, who I have a large amount of confidence in, configuring the website tells me the URL rewrite isn't working.

There has been suggestion that this is because the server is returning an uppercase reference in the HTTP location like this - "Location: HTTP://www.xyz.com/etc" with the HTTP in upper case. I've tried searching for regular expressions or any type of additional configuration which can be applied to ignore case but I can't find any reference in this specific sceanrio.

Can anyone clarify if the URL rewrite on the SSL 6500 Services Module is in fact case sensitive?

If so is there any work around for this?

The only thing I can think to try is to add wildcards to my url rewrite string, just now I simply have "url www.xyz.com" and I'm thinking of adding "url *//www.xyz.com/*"? But I would have thought this is the default action anyway?

The thing which adds weight to his argument is the same application is defined behind Cisco CSS11506 and the with the same test he recieves a redirect to "Location: HTTPs://www.xyz.com/etc". So leaves me thinking why would it work on one but not the other?

Maybe I can't see the wood for the trees but I've been through the configs several times with nothing.

Thanks in advance for any responses

Cheers

Martin

1 Accepted Solution

Accepted Solutions

Gilles Dufour
Cisco Employee
Cisco Employee

Martin,

indeed our code shows that we look for "p:" to locate where to insert the 's'.

Since your url start with HTTP: we do not find the "p:" and fail to do the rewrite.

You should be able to confirm this with the following debug command :

ssl-proxy#debug ssl-proxy app ?
  app  App Record Layer
  hdr  App HTTP Header Insertion
  url  App URL Rewrite
 
ssl-proxy#debug ssl-proxy app url

Unfortunately, there is no CLI command which will solve this problem.

Your Webmaster will have to follow the standard and return a location field which contains http:// ...instead of HTTP://....

I will report the problem internally, but it will take time before we can release an image with a fix.

Gilles.

View solution in original post

3 Replies 3

Gilles Dufour
Cisco Employee
Cisco Employee

Martin,

indeed our code shows that we look for "p:" to locate where to insert the 's'.

Since your url start with HTTP: we do not find the "p:" and fail to do the rewrite.

You should be able to confirm this with the following debug command :

ssl-proxy#debug ssl-proxy app ?
  app  App Record Layer
  hdr  App HTTP Header Insertion
  url  App URL Rewrite
 
ssl-proxy#debug ssl-proxy app url

Unfortunately, there is no CLI command which will solve this problem.

Your Webmaster will have to follow the standard and return a location field which contains http:// ...instead of HTTP://....

I will report the problem internally, but it will take time before we can release an image with a fix.

Gilles.

Thanks Gilles

Although not the answer I wanted it is very useful.

Are you able to confirm that the CSS 11506 (WebNS v8.20) acts differently from the SSL module in the handling of the redirect?

Cheers

Martin

Martin,

apparently there is a possibility to get a fix within the next couple of days.

Could you please open a service request with the TAC and ask them to link your problem to ddts CSCte19206 that we created for this problem.

Please provide your current software version.

Thanks.

Gilles.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: