Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
605
Views
4
Helpful
4
Replies

CSS Sorry Server for HTTPS

fjahan
Level 1
Level 1

‎09-08-2002 01:00 AM

How to configure Sorry server for HTTPS (443) port. Sorry server works fine with HTTP, But not with 443

In the following config if server1 and server2 are down, the HTTP requests goes to the Sorry Server, but for HTTPS nothing is displayed. I am running the sorry server on port 81

Please suggest

!************************** SERVICE **************************

service prisorry

ip address 10.100.11.11

keepalive type http

keepalive port 81

port 81

active

service secsorry

ip address 10.100.11.12

keepalive port 81

keepalive type http

port 81

active

service server1

ip address 10.100.11.11

keepalive type http

keepalive port 80

active

service server2

ip address 10.100.11.12

keepalive type http

keepalive port 80

active

!*************************** OWNER ***************************

owner Loadbalancing

content L4Rule1

protocol tcp

add service server2

add service server1

port 80

url "/*"

vip address 10.100.11.4

advanced-balance sticky-srcip-dstport

primarySorryServer prisorry

secondarySorryServer secsorry

active

content L4Rule2

protocol tcp

add service server2

port 443

add service server1

vip address 10.100.11.4

advanced-balance sticky-srcip-dstport

primarySorryServer prisorry

secondarySorryServer secsorry

application ssl

active

content L4Rule3

add service server2

protocol tcp

port 1443

add service server1

vip address 10.100.11.4

advanced-balance sticky-srcip-dstport

primarySorryServer prisorry

secondarySorryServer secsorry

active

Thanks

Labels:
0 Helpful
4 Replies 4

t.baranski
Level 4
Level 4

‎09-08-2002 03:59 PM

I just deployed a couple 11050's the other day so my experience is limited, but I'd guess your problem is that, when using the Primary Sorry Server, you end up with clients sending HTTPS requests to an HTTP port. Having HTTPS requests redirected to HTTP ports is one thing because the client then makes an HTTP request to that port, but the way you have it above, it appears to me that the client will be talking HTTPS to port 81 on the Sorry Server, which is listening for HTTP.

fjahan
Level 1
Level 1

‎09-08-2002 08:22 PM

Thanks for your input.

Any suggestion how can I make the HTTPS request to hit SORRY SERVER on port 81 if the main service is down. I can run Sorry server only on this port 81

Please suggest.

0 Helpful

t.baranski
Level 4
Level 4
In response to fjahan

‎09-09-2002 07:32 PM

Actually, looking at your config again, you have the same services in both the HTTP and HTTPS content rules. The services are both HTTP, right? If so, sending HTTPS requests to them won't work for the same reason that it won't work for the sorry servers.

What exactly are you trying to accomplish with the SSL content rules? Are either of the services able to service SSL requests on port 80?

0 Helpful

moriarty7
Level 1
Level 1

‎12-04-2002 05:18 PM

I also have had this problem. The way to do this simply (heh) is to use an SSL Offloading device like the SCA in a one-armed configuration. This way when the cleartext port 80 traffic comes back to your CSS, you can then provide a redirect if your servers are all down and the SCA can re-encrypt the packet before it goes back to the client.

Hope this helps!

Craig

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents