08-14-2012 08:56 AM
We have Cisco ACE 4710 Appliance.
You must implement two tasks:
1) SSL Termination - is implemented.
2) URL Filtering
a url to which the service is implemented SSL Termination his address https://www.test.com (internal address http://192.168.1.250).
We need to carry only access to addresses and https://www.test.com/index.html https://www.test.com/docs/index.php.
All other locations, for example https://www.test.com/admin/ to block.
How to implement this scheme?
I would be very grateful for any help
08-14-2012 09:24 AM
Hi,
Here is a sample config. Traffic matching 192.168.1.250:443 will be SSL offloaded and then will be loadbalanced using rservers in Serverfarm "APP1-SFARM" if the request includes "/index"or "/docs"
ssl-proxy service APP1-SSL-PROXY
key default-key.pem
cert default-cert.pem
class-map match-all APP1-443-VIP
2 match virtual-address 192.168.1.250 tcp eq https
class-map type http loadbalance match-any APP1-URLMAP
2 match http url /index/.*
3 match http url /docs/.*
policy-map type loadbalance first-match APP1-Policy
class APP1-URLMAP
serverfarm APP1-SFARM
policy-map multi-match VIPS-VLAN79
class APP1-443-VIP
loadbalance vip inservice
loadbalance vip icmp-reply active
loadbalance policy APP1-Policy
ssl-proxy server APP1-SSL-PROXY
As you can see traffic will be SSL offloaded and then will be loadbalanced using rservers in Serverfarm "APP1-SFARM" if the request includes "/index" and you can use another L7 class-map to block the URL /admin and direct the requests to a dummy / redirect server farm respnds 404
Sample config URL filtering:
SSL termination:
Hope this helps!!!
-
Siva
05-10-2018 04:21 AM
Hello to Everyone,
I have the same problem.
I have to make the "Host http-header" filtering on SSL connection to choose the correct serverfarm destination.
Do I need to implement an SSL termination on ACE for making "Host http-header" filtering?
thank you
GR
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide