forcing traffic to a particular url

Answered Question
Nov 28th, 2006
User Badges:

Hello


I would like to be able to force traffic destined for this url http://test.eircom.ie to go to service A and traffic for http://test.eircom.ie/ws to go to service B.


How might I do this?


Thanks


Donagh

Correct Answer by Gilles Dufour about 10 years 8 months ago

Here you go:


owner MyCompany

content WS

vip x.x.x.x

proto tcp

port 80

url "/ws/*"

add service service_B

active

content Any

vip x.x.x.x

proto tcp

port 80

url "/*"

add service service_A

active



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Gilles Dufour Tue, 11/28/2006 - 08:45
User Badges:
  • Cisco Employee,

Donagh,


could you please specify what hardware you are using.

You will need a L7 rule to match on the url, but the config is different depending on the hardware.


Gilles.

donaghq_2 Tue, 11/28/2006 - 09:02
User Badges:

Hi Gilles


Thanks for your reply.


I am using a CSS11503.


Regards


Donagh

Correct Answer
Gilles Dufour Wed, 11/29/2006 - 02:36
User Badges:
  • Cisco Employee,

Here you go:


owner MyCompany

content WS

vip x.x.x.x

proto tcp

port 80

url "/ws/*"

add service service_B

active

content Any

vip x.x.x.x

proto tcp

port 80

url "/*"

add service service_A

active



donaghq_2 Fri, 12/29/2006 - 09:04
User Badges:

Hi Gilles


I have tried to implement this but I cannot get it to work. The big difference is that I am trying to do this for SSL traffic. Here is my config


content TEST-ssl

vip address 10.40.21.26

application ssl

add service tst01-SSL-2443

add service tst01-ssl-2444

advanced-balance sticky-srcip

protocol tcp

port 443

url "/*"

active


content TEST-ssl-01

vip address 10.40.21.26

add service tst01-SSL-2445

add service tst01-SSL-2446

application ssl

advanced-balance sticky-srcip

protocol tcp

port 443

url "/WS/*"

active


Traffic destined for https://test.eircom.ie/go gets transferred to ports 2445 and 2446. Traffic destined for https://test.eircom.ie/WS does not work and returns a "page cannot be displayed" error.


Traffic for "/WS/*" is being delivered to the webserver by means of a POST using a service called SOAP over HTTP. Perhaps that makes a difference to the operation?


Thanks


Donagh



Gilles Dufour Sun, 12/31/2006 - 08:05
User Badges:
  • Cisco Employee,

Donagh,


the big difference with ssl is that traffic is encrypted so nobody (including the CSS) can see the data. Therefore the CSS does not see the url and it fails to match a content rule.

The first rule is ok because the url is match any.

You need an ssl module to do this.


Gilles.

Actions

This Discussion