Cisco Support Community
New Member

SSL-proxy list redirection

When I configure an ssl-proxy-list I end up redirecting the un-encrypted connection to the CSS on a new port.

Example:

ssl-server 1

ssl-server 1 rsakey my_key

ssl-server 1 rsacert my_cert

ssl-server 1 vip address 11.22.33.44

ssl-server 1 cipher rsa-with-rc4-128-md5 11.22.33.44 80

But it seems like I have to have the un-encrypted port open to the internet in order for it to work, which might be something I don't want.

Is it possible to have the CSS decrypt the HTTPS connection and then redirect it to content which isn't accessible to the internet?

1 REPLY
Cisco Employee

Re: SSL-proxy list redirection

You can change the port 80 at the end of your cipher.

A lot of people use 81.

However, a user that would try port 81 could still access the un-encrypted content.

If you don't want people accessing the clear text content, you should filter before it gets to the CSS with your firewall or an ACL on your gateway.

Gilles.
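An added example, not part of the original thread and not Cisco code: a small audit script that reads `ssl-server` lines like the ones in the question, finds cipher entries whose clear-text target is the public VIP itself, and renders the matching deny entries for an upstream gateway. The function names, the ACL number 101 and the IOS-style output format are assumptions chosen for illustration.

```python
import re

# Constructed sample: the ssl-proxy-list lines from the question (backend port 80).
SAMPLE = """\
ssl-server 1
ssl-server 1 rsakey my_key
ssl-server 1 rsacert my_cert
ssl-server 1 vip address 11.22.33.44
ssl-server 1 cipher rsa-with-rc4-128-md5 11.22.33.44 80
"""

VIP_RE = re.compile(r"^ssl-server\s+(\d+)\s+vip\s+address\s+(\S+)\s*$")
CIPHER_RE = re.compile(r"^ssl-server\s+(\d+)\s+cipher\s+(\S+)\s+(\S+)\s+(\d+)\b")


def parse_ssl_servers(text):
    """Return {server_id: {"vip": str or None, "backends": {(ip, port), ...}}}."""
    servers = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = VIP_RE.match(line)
        if m:
            servers.setdefault(m.group(1), {"vip": None, "backends": set()})["vip"] = m.group(2)
            continue
        m = CIPHER_RE.match(line)
        if m:
            entry = servers.setdefault(m.group(1), {"vip": None, "backends": set()})
            entry["backends"].add((m.group(3), int(m.group(4))))
    return servers


def exposed_cleartext(text):
    """List (server_id, ip, port) where decrypted traffic is sent to the public VIP itself."""
    findings = []
    for sid, entry in sorted(parse_ssl_servers(text).items()):
        for ip, port in sorted(entry["backends"]):
            if ip == entry["vip"]:
                findings.append((sid, ip, port))
    return findings


def acl_lines(findings, acl_id=101):
    """Render IOS-style extended ACL deny entries (acl_id is an arbitrary, assumed number)."""
    return [f"access-list {acl_id} deny tcp any host {ip} eq {port}" for _, ip, port in findings]


if __name__ == "__main__":
    for line in acl_lines(exposed_cleartext(SAMPLE)):
        print(line)
```

The deny entries only help if they are placed ahead of any broader permit for the VIP in the gateway's ACL, and HTTPS to the VIP still has to be permitted.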
