05-02-2012 12:31 AM
I have a client who wants help with some URL filtering in their ACE appliance.
Description of the case is as follows:
All calls to http://www.acme.dom.se/lagrummet be sent to http://pluto.dom.se/lagrummet.
Note, no calls coming in on the VIP get sent to something other than /lagrummet, it must be ensured that with a creative URL cannot access another service!
Is it a redirect or rewrite that would be the best solution?
Thank you.
05-02-2012 10:23 PM
Hello,
Basically you just want to match: /lagrummet ,-only that-, correct?
What about if you have http://www.acme.dom.se/lagrummet/services or something like that? Do you like to send that to http://pluto.dom.se/lagrummet anyway?
What you can do is to configure a redirect to send the request to http://pluto.dom.se/lagrummet if it matches the uri /lagrumment, otherwise you can just have a default serverfarm to handle the rest of the traffic which does not match
/lagrummen or just configure a "drop"
J
.
06-07-2012 05:05 AM
Hello,
Thank you for your answer, sorry for the delay in my response. Do you have an example of this configuration or could you create one from the above?
Thank you.
//HB
06-07-2012 09:22 PM
Hello HB,
Probably you can try the following:
access-list ANYONE line 10 extended permit ip any any
interface vlan 10
description Client vlan
ip address 172.16.1.2 255.255.255.0
access-group input ANYONE
service-policy input WEB
no shutdown
policy-map multi-match WEB
class WEB_VIP
loadbalance vip inservice
loadbalance WEB
loadbalance vip icmp-reply active
class-map match-all WEB_VIP
2 match virtual-address 172.16.1.10 tcp eq www
class-map type http loadbalance match-all HOST-MATCH
2 match http header Host header-value "www.acme.dom.se"
3 match http url /lagrummet
policy-map type loadbalance first-match WEB
class HOST-MATCH
serverfarm SERVERFARM-REDIRECT
Class class-default
drop
serverfarm redirect SERVERFARM-REDIRECT
rserver SV-REDIRECT
inservice
rserver redirect SV-REDIRECT
webhost-redirection http://pluto.dom.se/lagrummet 301
inservice
Once the ACE has done the redirect, you need to make sure to have another VIP which will handle the new request:
http://pluto.dom.se/lagrummet which will load balance the traffic between the servers which you have configured for that.
Hope this helps!!!
+++++++++++++++++++
Jorge
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide