Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

SSL Content rules based on uri

I don't seem to be able to construct an ssl content rule that allows dilineation by uri. The documentation says to set the rule as follows for ssl:

vip address x.x.x.x

add service abcd

add service defg

application ssl

advanced-balance ssl

protocol tcp

port 443

uri "/*"

active

This works but if I try to change the uri to:

uri "/CSO/html/SignOn.html" the rule stops working.

Is it possible to do this?????

2 REPLIES
Cisco Employee

Re: SSL Content rules based on uri

That's the nature of SSL.

All traffic is encrypted to avoid people to look at it.

So, the CSS does not see and has no way to see the URL.

With 'url "/*"' it works because it means any URL.

Gilles.

Bronze

Re: SSL Content rules based on uri

Ditto on Gilles' response, however there is a way to do this with additional hardware.

If you use SSL acceleration, Onboard the CSS or externally, you can then use uri rules on the decrypted SSL traffic.

102
Views
10
Helpful
2
Replies