Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSS:advanced-balance ssl - is url "/*" necessary?

In some cisco.com configuration example I see url "/*" being called out as one element required to configure advanced-balance ssl (sticky ssl). But other resources do not have the url "/*". I have an example of each below. Is url "/*" just a default "any" that is really in the content rules by default? Or is the url "/*" really required to get the advanced-balanced ssl to function correctly. Any insight appreciated.

Example showing the url "/*" as needed:

http://www.cisco.com/warp/public/117/css_sticky_timeout.html

Example where url "/*" is not with the advanced-balance ssl:

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.10/configuration/ssl/guide/examples.html#wp1000076

content ssl-rule

vip address 192.168.5.5

protocol tcp

port 443

add service ssl_module1

add service ssl_module2

application ssl

advanced-balance ssl

active

2 REPLIES
Cisco Employee

Re: CSS:advanced-balance ssl - is url "/*" necessary?

Hi,

The command "url" is not needed on this configuration, there is indeed a mistake on the first example.

With this kind of content rule what you are doing is just load balancing SSL traffic, so the CSS is not able to look at layer 5 (since it is encrypted), therefore there is no way to parse the URL.

Second example is correct:

content ssl-rule

vip address 192.168.5.5

protocol tcp

port 443

add service ssl_module1

add service ssl_module2

application ssl

advanced-balance ssl

active

Hope it heps!!

Diego M

New Member

Re: CSS:advanced-balance ssl - is url "/*" necessary?

That makes total sense. Thanks!

805
Views
0
Helpful
2
Replies
CreatePlease login to create content