topic CSS11501 ssl-server urlrewrite Not Working in Application Networking

CSS11501 ssl-server urlrewrite Not Working

john.pepper — Fri, 24 Sep 2004 07:49:16 GMT

I have a CSS11501 with the on-board SSL module.

The device is configured with the relevant ss-proxy-list,ssl services and content rules to receive https sessions, decrypt them and pass them onto backend http Web servers - this is working ok.

However, the customer also wants any normal http sessions sent from the users browser to be re-written to https - this is to cater for the situation where the user accidently types a http url instead of using https. e.g.

//http:www.mydomain.com/webstuff/content.html

should be:

//https:www.mydomain.com/webstuff/content.html

From the documentation I have read it appears to me that the 'urlrewrite' command does exactly this.

However, I have configured this in my ssl-proxy-list but it doesn't seem to work - a browser session using http just times-out and doesn't get re-directed to https.

Have I got the correct command..?

My relevant config bits are below:

ssl-proxy-list ssl_listxxxx

ssl-server 33

ssl-server 33 vip address xxx.xxx.xxx.xxx

ssl-server 33 rsacert my_cert

ssl-server 33 rsakey my_key

ssl-server 33 cipher rsa-export-with-rc4-40-md5 xxx.xxx.xxx.xxx 80

ssl-server 33 urlrewrite 1 www.mydomain.com

active

service ssl-serxxxx

type ssl-accel

slot 2

keepalive type none

add ssl-proxy-list ssl_listxxxx

active

content ssl-content

vip address xxx.xxx.xxx.xxx

port 443

protocol tcp

add service ssl-serxxxx

application ssl

advanced-balance ssl

active

content backed-http-content

add service http-content-1

protocol tcp

port 80

url "/webstuff*"

advanced-balance sticky-srcip-dstport

vip address xxx.xxx.xxx.xxx

active

Thanks....John

Re: CSS11501 ssl-server urlrewrite Not Working

Gilles Dufour — Sun, 26 Sep 2004 06:57:04 GMT

John,

http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a00801de8d6.shtml

look at the last example - redirect from http to https.

The urlrewrite command only affect the response from the server.

So it's not going to help you here.

Regards,

Gilles

Re: CSS11501 ssl-server urlrewrite Not Working

john.pepper — Sun, 26 Sep 2004 12:20:16 GMT

Hi Gilles,

thanks again, this is great and I think what the customer wants.

The only thing I'm not clear on here is the IP address used in the 'secure-transfer' service (ip address 2.2.2.2)

Is this just s spoof ip address or should it be a valid server ip address.?

Cheers...John

********** SERVICE ***********

service secure-transfer

ip address 2.2.2.2

keepalive type none

type redirect

no prepend-http

domain https://www.cisco.com

active

service regular-server1

ip address 10.2.3.4

active

service regular-server2

ip address 10.2.3.5

active

********* OWNER *********

owner CSS-Team

content default-redirect

vip address 206.25.90.84

protocol tcp

port 80

url "/*"

add service secure-transfer

active

content ssl-rule

vip address 206.25.90.84

protocol tcp

port 443

add service regular-server1

add service regular-server2

active

Re: CSS11501 ssl-server urlrewrite Not Working

Gilles Dufour — Thu, 30 Sep 2004 14:01:22 GMT

the ip address can be whatever.

It's actually not being used.

Gilles.

Re: CSS11501 ssl-server urlrewrite Not Working

john.pepper — Thu, 30 Sep 2004 22:37:20 GMT

Thanks Gilles,

You've been a great help.

All the best...John