https://community.cisco.com/t5/application-networking/css-11503-bypassing-content-rules/m-p/610573#M11615 <HTML><HEAD></HEAD><BODY><P>Alan,</P><P></P><P>ok, I see the need for the bypass now.</P><P>I think that option 1 is much better.</P><P></P><P>Gilles.</P></BODY></HTML> Fri, 12 Jan 2007 07:44:50 GMT Gilles Dufour 2007-01-12T07:44:50Z https://community.cisco.com/t5/application-networking/css-11503-bypassing-content-rules/m-p/610568#M11610 <P>Hi,</P><P>I am trying to decipher how to bypass the content rules being processed to allow the traffic to go direct to the real (origin) server without going via a loadbalanced device. As I know the destination IP's it seems to me that I can use ACL's with the bypass keyword, to bypass the rule engine. If this is true, then I have a couple of questions regarding ACL's in CSS.</P><P></P><P>1. CSS ACL's seem to support 255 clauses, can they support more entries say 500?</P><P>2. If the answer to Q1 is no, then can I apply more than one ACL to a circuit?</P><P></P><P>BR</P><P></P><P>Alan</P> Thu, 11 Jan 2007 12:46:00 GMT https://community.cisco.com/t5/application-networking/css-11503-bypassing-content-rules/m-p/610568#M11610 alanwright1 2007-01-11T12:46:00Z https://community.cisco.com/t5/application-networking/css-11503-bypassing-content-rules/m-p/610569#M11611 <HTML><HEAD></HEAD><BODY><P>Alan,</P><P></P><P>it's more simple than that.</P><P>If you want to access the real server directly use its ip address instead of the virtual ip.</P><P></P><P>The CSS is also a router/switch so it will route traffic that does not match a virtual ip.</P><P></P><P>No need for acl [except maybe to permit the traffic if you had it denied].</P><P></P><P>Gilles.</P></BODY></HTML> Thu, 11 Jan 2007 12:56:07 GMT https://community.cisco.com/t5/application-networking/css-11503-bypassing-content-rules/m-p/610569#M11611 Gilles Dufour 2007-01-11T12:56:07Z https://community.cisco.com/t5/application-networking/css-11503-bypassing-content-rules/m-p/610570#M11612 <HTML><HEAD></HEAD><BODY><P>Thanks Gilles,</P><P>Can CSS support the setup of 500 VIPs?</P><P></P><P>BR</P><P></P><P>Alan</P></BODY></HTML> Thu, 11 Jan 2007 13:15:42 GMT https://community.cisco.com/t5/application-networking/css-11503-bypassing-content-rules/m-p/610570#M11612 alanwright1 2007-01-11T13:15:42Z https://community.cisco.com/t5/application-networking/css-11503-bypassing-content-rules/m-p/610571#M11613 <HTML><HEAD></HEAD><BODY><P>Alan,</P><P></P><P>yes, you can have 500 vips on a CSS.</P><P></P><P>Gilles.</P></BODY></HTML> Thu, 11 Jan 2007 14:56:17 GMT https://community.cisco.com/t5/application-networking/css-11503-bypassing-content-rules/m-p/610571#M11613 Gilles Dufour 2007-01-11T14:56:17Z https://community.cisco.com/t5/application-networking/css-11503-bypassing-content-rules/m-p/610572#M11614 <HTML><HEAD></HEAD><BODY><P>Hi Gilles,</P><P>Thanks again for the feedback.</P><P></P><P>As I have no IP for the content defined, it'll try to match any IP. So I see two options now, given that I need to filter out approx 500 ip's from the "catch all" content rule. </P><P></P><P>1. Bypass using ACL and NQL have a single NQL with 500 IP host entries. Linking this to a single clause in the ACL assigned to the incoming interface.</P><P></P><P>2. Add 500 contents rules with each vip assigned into one content rule.</P><P></P><P>Would you agree that the better approach would be to use option 1 as it would contain less config?</P><P></P><P>BR</P><P></P><P>Alan</P></BODY></HTML> Thu, 11 Jan 2007 16:44:01 GMT https://community.cisco.com/t5/application-networking/css-11503-bypassing-content-rules/m-p/610572#M11614 alanwright1 2007-01-11T16:44:01Z https://community.cisco.com/t5/application-networking/css-11503-bypassing-content-rules/m-p/610573#M11615 <HTML><HEAD></HEAD><BODY><P>Alan,</P><P></P><P>ok, I see the need for the bypass now.</P><P>I think that option 1 is much better.</P><P></P><P>Gilles.</P></BODY></HTML> Fri, 12 Jan 2007 07:44:50 GMT https://community.cisco.com/t5/application-networking/css-11503-bypassing-content-rules/m-p/610573#M11615 Gilles Dufour 2007-01-12T07:44:50Z