CSS11506 - Reverse Proxy - Inbound URL blocking

We are currently running an older Netapp proxy and are in the process of migrating our inbound web connections to our Cisco 11506 appliance. All is running fine, except we have one application for which we are filtering a few URL strings on the Netapp, and I am unable to find out how to do this on the CSS.

Here is an example of what we are filtering on the Netapp

    deny url contains "/API/"
    deny url contains "/DBA/"
    deny url contains "/DBViewer/"
    deny url contains "/SDK/"
    deny url contains "/Tools/"
    deny url contains "/_mem_bin/"
    deny url contains "/_vti_bin/"
    deny url contains "/cmd.exe"
    deny url contains "/msadc/"

Any ideas if this is possible on the CSS?

Currently on the CSS we terminate inbound SSL connections with a backend port 80 connection to the web server.

Any help would be appreciated.

Cheers

Dave

4 REPLIES

Re: CSS11506 - Reverse Proxy - Inbound URL blocking

Use the URQL feature on CSS to filter the URLs.

For details look at page 93 in the following

http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/advcfggd/advcfggd.pdf

Syed Iftekhar Ahmed


Re: CSS11506 - Reverse Proxy - Inbound URL blocking

Thanks for the link. It looks like a URQL is used to specify what URLs you would like associated with a certain content rule. Does this mean that any URL that isn't specified will not be allowed?

I read the documentation and it doesn't say anything about denying certain URLs.

Cheers

Dave

Re: CSS11506 - Reverse Proxy - Inbound URL blocking

You are right, CSS will match the URLs defined in the URQL and will balance only these URLs.

Syed Iftekhar Ahmed


Re: CSS11506 - Reverse Proxy - Inbound URL blocking

Thanks, this might be a dumb question but here it goes :)

I can get the URQL to work for all extensions of the main page, but not the main page itself.

In the URQL it wants the following

url 20 url "/xxxxx" which allows me to define what extension of the main page.

How do I write that statement to allow

www.test.com only? It gives me invalid URL if I follow the format above.

To shed a bit more light, I was using a URL statement before to specify the following

url "//www.test.ca/*"

But this also allowed all sub pages to be accessible. Is there a way with the URL statement to allow the main page only?

Thanks again for the help.

Cheers

Dave
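
The two filtering models discussed in this thread, a deny list of URL substrings (the NetApp rules) and an allow list of URL patterns (what the replies describe for a URQL), written out as an added Python example. It is not part of the original posts and is not CSS or NetApp syntax; the function names, the glob-style matching, the normalisation step and the sample paths are assumptions made for illustration.

```python
from fnmatch import fnmatchcase
from urllib.parse import unquote, urlsplit

# Substrings copied from the NetApp deny rules in the first post.
DENY_SUBSTRINGS = ["/API/", "/DBA/", "/DBViewer/", "/SDK/", "/Tools/",
                   "/_mem_bin/", "/_vti_bin/", "/cmd.exe", "/msadc/"]


def normalize(url):
    """Return the percent-decoded, lower-cased path of a request URL."""
    path = urlsplit(url).path or "/"
    # Assumption: the backend decodes %xx and ignores case, so the filter
    # must compare "/%5Fvti_bin/" and "/_VTI_BIN/" as "/_vti_bin/".
    return unquote(path).lower()


def denied_by_substring(url):
    """Deny-list model: block when any listed substring is in the path."""
    path = normalize(url)
    return any(s.lower() in path for s in DENY_SUBSTRINGS)


def allowed_by_list(url, patterns):
    """Allow-list model: pass only paths matching a listed pattern.

    "/" matches the main page alone; "/*" also matches every sub page,
    which is the behaviour described in the last post.
    """
    path = normalize(url)
    return any(fnmatchcase(path, p.lower()) for p in patterns)


def decide(url, allow_patterns):
    """Apply both models: on the allow list and not on the deny list."""
    if not allowed_by_list(url, allow_patterns):
        return "blocked: not on allow list"
    if denied_by_substring(url):
        return "blocked: deny substring"
    return "forwarded"


if __name__ == "__main__":
    # Constructed sample request paths, not taken from any real log.
    for u in ["/", "/index.html", "/Tools/report.html",
              "/%5Fvti_bin/shtml.dll", "/dbviewer/list"]:
        print(f"{u:28} main-only={decide(u, ['/']):28} "
              f"wildcard={decide(u, ['/*'])}")
```

With the allow list set to `/` only, everything except the main page is blocked before the deny list is consulted; with `/*` the deny list is the only thing stopping the listed paths.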
