Re: CSS: Backend SSL - Service Keepalive

Sbutzek · ‎01-17-2006

Hello,

i've using Version 7.50 and using the SSL Module with Backend SSL.

Now, i wanted to make my keepalive with an http Request on Port 80.

With an script this seems to be possible, but i do not know if this is supported.

Sven

Gilles Dufour · ‎01-17-2006

Sven,

you can create an HTTP keepalive. No need of a script for that.

Simply use 'keepalive type http'.

I'm not sure if this is what you're looking for.

If not, could you please give us more details about what you are trying to achieve.

Thanks,

Gilles.

Thanks for rating this answer.

Sbutzek · ‎01-17-2006

Hi Gilles,

keepalive type http is not supported, on services using backend ssl:

http://www.cisco.com/en/US/customer/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a008040ad0e.html#wp1009093

So, only keepalive type http encrypted is supportet, but i have to retain a special Page, which is, for security, only aviable via http on port 80.

So the only way to retrieve a page on port 80, is to run a script i think.

But scripts are not listed, to be supportet.

But there is also no information that they are not supported.

Golbal keepalive i have not testet if the work with keepalive type http and assignig it to the backend-SSL service. I'll try this soon.

Sven

Gilles Dufour · ‎01-18-2006

keepalive http is also supported.

Any type of keepalive is supported.

The documentation is just not complete.

From my lab :

CSS11503# sho run ser linux1-sslmod

!************************** SERVICE **************************

service linux1-sslmod

ip address 192.168.30.27

type ssl-accel-backend

add ssl-proxy-list gdufour-backend

string Test1A

keepalive type http

active

CSS11503# sho ser linux1-sslmod

Name: linux1-sslmod Index: 13

Type: Ssl-Accel-Backend State: Alive

Rule ( 192.168.30.27 ANY ANY )

Session Redundancy: Disabled

Redirect Domain:

Redirect String:

Keepalive: (HTTP:HEAD: 5 3 5 )

I will report the documentation error to the appropriate web team.

Thanks,

Gilles.

Sbutzek · ‎01-18-2006

Hello,

i've tried two things:

1) i've tried to implement the keepalive type http

->

blncss09-140(config-service[test])# keepalive type http

%% Cannot configure keepalive type script, FTP or HTTP for backend-SSL service

blncss09-140(config-service[test])# keepalive type script ap-kal-httpauth

-> no problem at all to configure it, but is it supported?

blncss09-140(config-service[test)# keepalive type named test

-> no problem at all

here the config of the global keepalive for service test.

keepalive test-b

uri "/admin/Ping.simple"

method get

ip address 10.2.128.49

type http

port 80

active

So there is a way to implement it, without a script

Sven

Gilles Dufour · ‎01-18-2006

Sven,

what version are you using ?

Gilles.

Sbutzek · ‎01-18-2006

Gilles,

7.50.103 i'am using.

In 7.30 it was not possible to configure an keepalive type http encrypted.

I think this is the restriction.

Sven

Gilles Dufour · ‎01-18-2006

Actually, I was using a 7.30 version that did not have this restriction.

CSCeg68058

"Modify KAL restrictions for ssl-init and ssl-accel-backend services"

With 7.50, which includes the bug fix above, it is indeed not possible to configre http keepalive.

I just do not remember why we have this restriction.

I believe your solution is valid - I'm going to check if named keepalive should be supported.

Gilles.