topic SSL-proxy list redirection in Application Networking https://community.cisco.com/t5/application-networking/ssl-proxy-list-redirection/m-p/515023#M9717 <P>when I configure an ssl-proxy-list I end up with redirecting the un-encrypted connection to the CSS on a new port.</P><P></P><P>Example:</P><P> ssl-server 1 </P><P> ssl-server 1 rsakey my_key </P><P> ssl-server 1 rsacert my_cert </P><P> ssl-server 1 vip address 11.22.33.44 </P><P> ssl-server 1 cipher rsa-with-rc4-128-md5 11.22.33.44 80</P><P></P><P>But it seems like if I have to have the un-encrypted port open to the internet in order to it to work, wich might be something I don't want.</P><P></P><P>Is it possible to have the CSS decrypt the HTTPS connection and then redirect it to a content wich isn't accessible to the internet ?</P> Thu, 27 Jul 2006 09:15:21 GMT halldorhg 2006-07-27T09:15:21Z SSL-proxy list redirection https://community.cisco.com/t5/application-networking/ssl-proxy-list-redirection/m-p/515023#M9717 <P>when I configure an ssl-proxy-list I end up with redirecting the un-encrypted connection to the CSS on a new port.</P><P></P><P>Example:</P><P> ssl-server 1 </P><P> ssl-server 1 rsakey my_key </P><P> ssl-server 1 rsacert my_cert </P><P> ssl-server 1 vip address 11.22.33.44 </P><P> ssl-server 1 cipher rsa-with-rc4-128-md5 11.22.33.44 80</P><P></P><P>But it seems like if I have to have the un-encrypted port open to the internet in order to it to work, wich might be something I don't want.</P><P></P><P>Is it possible to have the CSS decrypt the HTTPS connection and then redirect it to a content wich isn't accessible to the internet ?</P> Thu, 27 Jul 2006 09:15:21 GMT https://community.cisco.com/t5/application-networking/ssl-proxy-list-redirection/m-p/515023#M9717 halldorhg 2006-07-27T09:15:21Z Re: SSL-proxy list redirection https://community.cisco.com/t5/application-networking/ssl-proxy-list-redirection/m-p/515024#M9718 <HTML><HEAD></HEAD><BODY><P>you can change the port 80 at the end of your cipher.</P><P>A lot of people use 81.</P><P>However, a user that would try port 81 could still access the un-encrypted content.</P><P></P><P>If you don't want people accessing the clear text content, you should filter before it gets to the CSS with your firewall or an acl on your gateway.</P><P></P><P>Gilles.</P></BODY></HTML> Fri, 28 Jul 2006 06:25:14 GMT https://community.cisco.com/t5/application-networking/ssl-proxy-list-redirection/m-p/515024#M9718 Gilles Dufour 2006-07-28T06:25:14Z