Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CSS SSL trasparent proxy back-end ssl server with URL

When i try to configure CSS with trasparent proxy back-end SSL servers

i am not able to set URL in the content like:

***** SSL PROXY LIST**************

ssl-proxy-list test

ssl-server 1

ssl-server 1 vip 1.1.1.1

ssl-server 1 port 443

ssl-server 1 rsacert rsacert

ssl-server 1 rsakey rsakey

ssl-server 1 cipher rsa-with-rc4-128-md5 1.1.1.1 8080

backend-server 1

backend-server 1 ip address 2.2.2.2

backend-server 1 port 8080

backend-server 1 server-ip 2.2.2.2

backend-server 1 rsacert rsacert

backend-server 1 rsakey rsakey

backend-server 2

backend-server 2 ip address 2.2.2.3

backend-server 2 port 8080

backend-server 2 server-ip 2.2.2.3

backend-server 2 rsacert rsacert

backend-server 2 rsakey rsakey

active

**********SERVICE************

service ssl_module

type ssl-accel

keeplive type none

slot 2

add ssl-proxy-list test

active

service serverone

type ssl-accel-backend

ip address 2.2.2.2

protocol tcp

keepalive type ssl

keepalive port 443

add ssl-proxy-list test

active

service servertwo

type ssl-accel-backend

ip address 2.2.2.3

protocol tcp

keepalive type ssl

keepalive port 443

add ssl-proxy-list test

active

******************************OWNER********************

owner my.com

content ssl-rule

vip address 1.1.1.1

protocol tcp

port 443

add service ssl_module

application ssl

advanced-balance ssl

active

content http-ssl-rule

vip address 1.1.1.1

protocol tcp

port 8080

url "/www.mysite.com/*"

add service serverone

add service servertwo

advanced-balance arrowpoint-cookie

active

--------------------

URL "/www.mysite.com/*" work fine with server (service ) on clear text (port 80)

but if configure SSL on backend servers only URL"/*" works.

Someone know if it's correct ??

Can i select URL in this environment for redirect specific URL on server groups ??

regards

  • Application Networking
1 REPLY
Cisco Employee

Re: CSS SSL trasparent proxy back-end ssl server with URL

it works for me, however the correct way to enter the host matching is this :

content backend

vip address 192.168.20.222

add service backend-ssl3

protocol tcp

port 81

url "//www.gdufour.net/*"

active

See the double slash "//"

Gilles.

239
Views
0
Helpful
1
Replies