url routing with ssl questions.

clayton-price
Level 1

Is there any way I can route traffic to a specific set of servers based on a portion of a URL, and then have the traffic remain on that content rule if the connection switches to SSL? For example, I have a layer 3 content rule that sends traffic to server A & B, I then have a content rule with the same VIP that includes a URL "/test/", this rule sends traffic to server C & D. I want users to remain on C & D when accessing /test/ via HTTPS. Is this possible?

I'm assuming an 11500 with an SSL module will let you route based on URL for encrypted traffic. I'm guessing it decrypts the traffic, then matches it against content rules?

Thanks in advance!

Clayton

Gilles Dufour
Cisco Employee

Clayton,

First part (routing based on URL) is achievable with a config like this:

owner mycompany
  content www1
    vip add x.x.x.x
    proto tcp
    port 80
    url "/test/*"
!

For the 2nd part, because the traffic is decrypted, you can still use the same rule above to stick to the same servers based on the URL. If you want to stick to the exact same server, you will have to use arrowpoint cookies.

Gilles.

Thanks!

So the first part, we would be unable to keep them on the same servers once the traffic goes to SSL. We are currently using 11051's with the SSL being terminated on the servers.

Clayton

If SSL is terminated on the server currently, the CSS does not see the URL requested. So, you can't route based on the URL in this case.

Cookies are also not possible.

The only solution would be to route based on source IP with the command 'balance srcip'.

If you get an SCA or migrate to a CSS11500 with an SSL module, then the solution mentioned previously is possible.

Gilles.
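
A simplified model of the rule matching discussed in this thread, added here as an illustration and not taken from any poster or from Cisco. It shows why the same request for /test/ lands on different server groups depending on where SSL is terminated; the function names are hypothetical and the hash used for source-IP selection is an assumption, not the CSS algorithm.

```python
import hashlib

# Constructed model of the thread's setup: a Layer 3 rule (servers A, B) and a
# URL rule for "/test/" (servers C, D) on the same VIP. This is not CSS code.
L3_POOL = ["A", "B"]
URL_RULES = [("/test/", ["C", "D"])]  # (URL prefix, server pool)


def visible_url(port, url, balancer_terminates_ssl):
    """Return the URL the balancer can inspect, or None if it is encrypted."""
    if port == 443 and not balancer_terminates_ssl:
        # SSL ends on the server, so the request line is ciphertext here.
        return None
    return url


def select_pool(port, url, balancer_terminates_ssl):
    """Pick the most specific rule that the visible data can match."""
    seen = visible_url(port, url, balancer_terminates_ssl)
    if seen is not None:
        for prefix, pool in URL_RULES:
            if seen.startswith(prefix):
                return pool
    # Only addresses and ports are left to match on.
    return L3_POOL


def srcip_pick(src_ip, pool):
    """Source-IP balancing: hash the client address so it maps to one server.

    SHA-256 is an assumption made for this example.
    """
    digest = hashlib.sha256(src_ip.encode()).digest()
    return pool[digest[0] % len(pool)]


if __name__ == "__main__":
    client = "192.0.2.10"  # constructed documentation address
    cases = [(80, False), (443, False), (443, True)]
    for port, terminates in cases:
        pool = select_pool(port, "/test/index.html", terminates)
        print(port, terminates, pool, srcip_pick(client, pool))
```
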
