Hi Jim,

thanks for your reply. Normaly, your advice would be fine, but I also need to insert client certificate fields to the packets destined to rservers (end to end SSL), and action lists with SSL header inserts are only allowed in class-default. So the correct URL must be processed in this class.

Best wishes,

Lubomir

Lubomir,

Unfortunately I cannot think of a way to do this. Anything that does not match your L7 class-maps will be sent to class class-default. Unless you can come up with some kind of regex match that will cover all possible incoirrect URLs I do not really see how this could work.

Best regards

Jim

Jim,

I thought there was a way to write an url match statement, that would exclude my correct URL. In the documentation (http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA4_1_0/configuration/slb/guide/classlb.html#wp1313278) there is an option to exclude a character:

If there would be a way to exclude the whole string (= the exact sequence of more characters), this whould be what I need. But I can not find the correct way to configure it, and maybe this is not possible at all.

Thank you very much for your answers.

L.

Lubomir,

Can you provide some samples of what the incorrect URLs would look like as well as correct ones? You are correct that we can instruct the ACE to ignore some characters in a string but the rest of the regex must still match exactly for the class to be hit.

Regards

Jim

Hi Jim,

server people asked us to only allow access to:

www.host.com/public/>

We should block (redirect to /public) requests to all other url, for example:

www.host.com/devel/>

www.host.com/test1/>

and others, which may not be known now.

Regards,

Lubomir