Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started.

New Member

CSS11503 URL filtering

Hi all,

I have a pair of redundant CSS11503 load-balancing two HTTP servers. I need to permit access to specific subset of URLs on those two HTTP servers to anybody on the Internet, while rest of the URLs should be allowed for specific range(s) of IP addresses.

- permit any to access /games/scores/*

- permit some/range to access /*

- deny the rest

I'm running a two-armed CSS setup, meaning a public VIP known by external users. Requests to the VIP are load-balanced on two internal/RFC1918 HTTP servers.

I'm running WebNS 7.20.

Anybody can shed some light into this issue?

Thanks,

haver

  • Application Networking
3 REPLIES
New Member

Re: CSS11503 URL filtering

Hi,

the CSS is a 'communication enabling' device, not a 'communication forbidding' device. You can configure the CSS to distribute the load to different servers based on many different algorithms, but you cannot configure the CSS to deny request based on URLs/Source.

What the CSS can do is to deny requests from defined IP addresses. You have to use the ACL feature for this.

What I would do is to let the web servers decide what a user is allowed to see. This way you also can use advanced user authentication on the web servers.

Just let the CSS do what it is built for: distribute traffic.

-alex

Cisco Employee

Re: CSS11503 URL filtering

you could create 2 content rules with the same VIP address but different url:

ie:

owner mycompany

content web_all

vip 10.1.1.1

url "/*"

....

content web_restricted

vip 10.1.1.1

url "/games/scores/*"

...

Then create ACL like this

acl 1

clause 5 deny any destination content web_restricted

clause 10 permit any any destination content mycompany/web_all

The trick is to use 'content ' as the destination.

This is not complete but you should get the idea from this.

Regards,

Gilles.

New Member

Re: CSS11503 URL filtering

Thanks Gilles. I imagined this could be done this way.

// haver

149
Views
11
Helpful
3
Replies