05-10-2007 07:56 AM
Well, I was able to get the 11506 to proxy to different webservers based on URL statements. Now I am testing SSL reverse proxy. I have the SSL module installed. So I have one web server on port 80 behind the CSS. https://www.test.com resolves to the VIP of the CSS. I have created a self-signed cert for test purposes. So it seems to be working about 80 percent, as I get the prompt for the certificate and get to the login screen of the webserver. However, as soon as I log in, it puts me back to an HTTP URL, so it works but it is no longer encrypted. If I take the HTTP content rule out, then I can't seem to get past the web server login prompt. I am a little confused as to whether or not I need the HTTP rule in addition to the SSL rules.
Here is the config
ssl associate rsakey myrsakey1 CSSrsakey1
ssl associate cert myrsacert1 CSScertfile1
ip route 0.0.0.0 0.0.0.0 192.168.20.1 1
!************************** CIRCUIT **************************
circuit VLAN1
ip address 192.168.20.20 255.255.255.0
!*********************** SSL PROXY LIST ***********************
ssl-proxy-list ssl-list
ssl-server 90
ssl-server 90 vip address 192.168.20.100
ssl-server 90 cipher rsa-with-des-cbc-sha 192.168.20.50 80
ssl-server 90 cipher rsa-with-3des-ede-cbc-sha 192.168.20.50 80
ssl-server 90 cipher rsa-with-rc4-128-sha 192.168.20.50 80
ssl-server 90 cipher rsa-with-rc4-128-md5 192.168.20.50 80
ssl-server 90 rsacert myrsacert1
ssl-server 90 rsakey myrsakey1
active
!************************** SERVICE **************************
service SSLWWW
type ssl-accel
slot 6
keepalive type none
add ssl-proxy-list ssl-list
active
service rprox1
ip address 192.168.20.50
protocol tcp
port 80
active
service rprox2
ip address 192.168.20.60
protocol tcp
port 80
!*************************** OWNER ***************************
owner CMPA
content HTTP_rule
add service rprox1
url "//www.test.com/*"
protocol tcp
port 80
vip address 192.168.20.100
active
content ssl
vip address 192.168.20.100
application ssl
add service SSLWWW
protocol tcp
port 443
active
owner clee
content redirect_rule_2
add service rprox2
vip address 192.168.20.100
url "//www.test1.com/*"
protocol tcp
port 80
CSS11506#
Any help is appreciated
05-10-2007 09:16 AM
Probably you're getting an HTTP redirect after login. To be sure this is the case, you should sniff the traffic. If this is the case, then you should enable URL rewrite.
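The redirect suspected in the reply above can be confirmed from a capture of the web server's response to the login request. The following is an added example, not part of the original thread: it parses a constructed response head and flags a Location header that sends a client of the HTTPS VIP back to http://, plus a session cookie set without the Secure attribute. The sample response, the function names and the cookie check are assumptions for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed capture: the backend's reply to the login POST, as seen on the
# clear-text (port 80) side of the SSL module. Not taken from the thread.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: http://www.test.com/home\r\n"
    b"Set-Cookie: session=abc123; Path=/\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

def parse_head(raw):
    """Return (status_code, [(lowercased header name, value), ...])."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers

def find_downgrade(raw, tls_hosts):
    """Flag headers that would move an HTTPS client onto clear-text HTTP.

    tls_hosts: hostnames that clients reach through the SSL VIP.
    Returns a list of (finding, original value, suggested value or None).
    """
    status, headers = parse_head(raw)
    findings = []
    for name, value in headers:
        if name == "location" and 300 <= status < 400:
            u = urlsplit(value)
            if u.scheme == "http" and u.hostname in tls_hosts:
                fixed = None
                if u.port in (None, 80):  # only the default clear port maps cleanly
                    fixed = urlunsplit(("https", u.hostname, u.path, u.query, u.fragment))
                findings.append(("redirect-downgrade", value, fixed))
        elif name == "set-cookie":
            attrs = [a.strip().lower() for a in value.split(";")[1:]]
            if "secure" not in attrs:  # cookie would also be sent over plain HTTP
                findings.append(("cookie-without-secure", value.split("=", 1)[0], None))
    return findings

if __name__ == "__main__":
    for finding in find_downgrade(SAMPLE_RESPONSE, {"www.test.com"}):
        print(finding)
```

The suggested value in a redirect-downgrade finding is the Location the client should receive once URL rewrite is enabled for that hostname.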
05-10-2007 09:19 AM
05-10-2007 10:11 AM
Great, thanks a lot guys for the tip. Using the URL rewrite I am now able to keep the HTTPS session connection even after the login.
Cheers
Dave