When an HTTP request arrives from a client, the CSS receives the HTTP request and
sends a redirect director that lets the client use HTTPS.
Client -- HTTP --> CSS
CSS -- redirect director --> Client
Client -- HTTPS --> CSS
when a client connects to a Virtual IP (VIP) and the switch is configured to send a redirect back to the client. There are two different types of redirects on the Content Services Switch (CSS), a content rule redirect and a service redirect. These two types of redirects are different in the way that they append information to the domain name, as well as when they are applied to the traffic that hits the associated VIP.
Use a redirect in the content rule as the default action
The client goes to www.example.com because any request to this VIP is redirected to the redirect string that is configured in the content rule. Notice that the /default.htm from the original request is not appended to the redirect string.
Use a service in the content rule as the default action
!************************** SERVICE **************************
In this example, there are three services in the content rule. Two of the services (regular-server1 and regular-server2) are the default type of local. The third service (abcd) is type redirect. The CSS behavior is to send all connections to local services if possible. This means that while any local service in a content rule is functional, the CSS does not send any traffic to the redirect service. Only in the event of all local services going down does the CSS ever use the redirect service.
This configuration has the same result as using a redirect in the content rule as the default action. The client goes to www.example.com because any request to this VIP is redirected to the redirect string that is configured in the service.
This example demonstrates a site that is required to operate over HTTPS exclusively. If a user comes into the site using HTTP, the CSS sends the user an HTTP redirect to come back in via HTTPS.
This example makes use of the domain and no prepend-http commands in the service.
The domain command replaces the domain portion of the original request with the domain specified in the service. It retains any URL (path and filename) information. This is useful when you need to redirect any request to a specific site, and need to preserve the requested filename.
By default, the CSS prepends http:// before any redirect it sends from a service. If you need to have the CSS prepend HTTPS://, then it needs to be entered on the domain line. When this is done, it is also necessary to turn on the default prepending string by issuing the no prepend-http command.
Hope this will bring some useful information to you regarding your case.
If you still want to discuss anything in this regard, kindly revert back to me.
I will be very happy if I can be part of any further assistance.
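A check for the redirect behaviour described in the reply above, added here as an example and not part of the original post or of any Cisco tooling. The function names and the sample observations are constructed for illustration; the third sample assumes the doubled-scheme result that the reply's description of the default http:// prepend implies.

```python
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def audit_redirect(request_path, status, location, expected_host):
    """Return findings for one response observed on the HTTP VIP.

    An empty list means the client was sent back over HTTPS to the expected
    host with its original path intact.
    """
    if status not in REDIRECT_CODES:
        return [f"status {status} is not a redirect"]
    target = urlsplit(location)
    # "http://https://host/..." parses with netloc "https:". That shape is what
    # an http:// prepend in front of a domain that already carries https://
    # would produce.
    if target.netloc.rstrip(":").lower() in ("http", "https"):
        return ["doubled scheme in Location"]
    findings = []
    if target.scheme != "https":
        findings.append("Location is not https")
    if (target.hostname or "") != expected_host.lower():
        findings.append("unexpected host")
    # A content rule redirect does not append the requested path; a service
    # redirect using the domain command retains it.
    if (target.path or "/") != request_path:
        findings.append("requested path not preserved")
    return findings

# Constructed observations: (requested path, status, Location header value).
SAMPLES = [
    ("/default.htm", 302, "https://www.example.com/default.htm"),
    ("/default.htm", 302, "http://www.example.com"),
    ("/default.htm", 302, "http://https://www.example.com/default.htm"),
]

def audit_all(expected_host="www.example.com"):
    return [audit_redirect(p, s, loc, expected_host) for p, s, loc in SAMPLES]

if __name__ == "__main__":
    for sample, result in zip(SAMPLES, audit_all()):
        print(sample[2], "->", result or "ok")
```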
The Secure URL Rewrite feature prevents URL redirects and references from breaking or circumventing SSL sessions. This example uses the CLI. The same options are available in the GUI.
1. Open a management session with the device.
2. Enter Privileged, Configuration, and SSL Configuration modes:
3. Enter Server Configuration mode for the server you wish to configure URL rewrites.
(config-ssl[SCA])# server myServer
4. The urlrewrite command uses the following syntax:
urlrewrite <domainName> [sslport <portid>] [clearport <portid>]
domainName: The domain or file identifier as a domain name, IP address, or path and file name. An * (asterisk) wildcard character can be used to specify more than one server in a single domain, e.g., "*.company.com".
sslport: Keyword identifying the specified port to be used for SSL traffic.
portid: A port identification for SSL traffic.
clearport: Keyword identifying the specific port to be used for clear text traffic.
portid: A port identification for clear text traffic.
redirectonly: A keyword used to indicate that only the "Location:" field in the HTTP 30x redirect header should be rewritten. This solves a common problem with Web servers using insecure HTTP 30x redirects.
To securely rewrite only 30x-series redirects (i.e., 302 or 304) referencing http:// rather than all instances of http:// (such as those that appear intentionally in the application data), use the redirectonly option. (This command must be entered on a single line.)
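A model of the Location-only rewrite that the redirectonly description above refers to, added here as an example; it is not the device's implementation and not code from the original post. The function name, the sample responses, and the rule that only a target on the clear port is mapped to the SSL port are assumptions made for illustration.

```python
import fnmatch
from urllib.parse import urlsplit, urlunsplit

def rewrite_location(raw, domain_pattern, sslport=443, clearport=80):
    """Model of a redirectonly rewrite over one raw HTTP response (bytes)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    status = int(lines[0].split()[1])
    if not 300 <= status < 400:
        return raw                      # not a 30x response: left untouched
    for i, line in enumerate(lines):
        name, _, value = line.partition(b":")
        if i == 0 or name.strip().lower() != b"location":
            continue                    # only the Location header is a candidate
        url = urlsplit(value.strip().decode("latin-1"))
        host = url.hostname or ""
        if url.scheme != "http" or (url.port or 80) != clearport:
            continue                    # already https, or not the clear port
        if not fnmatch.fnmatchcase(host, domain_pattern.lower()):
            continue                    # redirect leaves the protected domain
        netloc = host if sslport == 443 else f"{host}:{sslport}"
        fixed = urlunsplit(("https", netloc, url.path, url.query, url.fragment))
        lines[i] = name + b": " + fixed.encode("latin-1")
    # The body is passed through byte for byte, so http:// links that appear
    # intentionally in the application data are not modified.
    return b"\r\n".join(lines) + sep + body

# Constructed sample responses.
BODY = b'<a href="http://partner.example/">partner</a>'
REDIRECT = (b"HTTP/1.1 302 Found\r\n"
            b"Location: http://www.company.com/login?next=/a\r\n"
            b"Content-Type: text/html\r\n\r\n" + BODY)
OK_PAGE = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n" + BODY
OFFSITE = b"HTTP/1.1 302 Found\r\nLocation: http://other.example/\r\n\r\n"

if __name__ == "__main__":
    for sample in (REDIRECT, OK_PAGE, OFFSITE):
        print(rewrite_location(sample, "*.company.com").decode("latin-1"))
        print("-" * 40)
```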