Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SSL Termination on CSS11501

When using SSL termination on the CSS Is it possible to force part of a site eg. the area under a particular virtual directory, or a list of pages, for SSL termination, with the remainder of the site still being accessible via http?

Or is it only possible to nominate an entire site?

Regards

David

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: SSL Termination on CSS11501

what you can do is intercept the http traffic going to the secure site and redirect it to an HTTPS vip.

ie:

content all-http

vip 10.1.1.1

port 80

url "/*"

content redirect-secure

vip 10.1.1.1

port 80

url "/secure/*"

service redirect

content secured

vip 10.1.1.1

port 443

service sslmod

Something like this.

Once in https mode, you could also intercept decrypted traffic sent to a non-secure directory and do another redirect to http. Personally, I do not see the need for it.

Gilles.

1 REPLY
Cisco Employee

Re: SSL Termination on CSS11501

what you can do is intercept the http traffic going to the secure site and redirect it to an HTTPS vip.

ie:

content all-http

vip 10.1.1.1

port 80

url "/*"

content redirect-secure

vip 10.1.1.1

port 80

url "/secure/*"

service redirect

content secured

vip 10.1.1.1

port 443

service sslmod

Something like this.

Once in https mode, you could also intercept decrypted traffic sent to a non-secure directory and do another redirect to http. Personally, I do not see the need for it.

Gilles.

140
Views
0
Helpful
1
Replies
CreatePlease login to create content