Re: CSS 11050 and Raptor proxy.

t.baranski · ‎09-18-2002

Are there any known issues with CSS when a client is behind a Raptor proxy? We're experiencing an issue with a client behind such a proxy that doesn't occur with other clients. For whatever reason, when the client goes to our SSL site via the hostname, he has issues logging in (sometimes gets redirected back to the login screen after entering his username/password). When he does manage to login, a lot of the images on the subsequent pages aren't present.

However, if he enters the CSS VIP into his browser as opposed to the hostname, everything is fine.

We're using a CSS-on-a-stick configuration where CSS is on the backbone, but the web servers are behind firewalls. So, CSS NAT's traffic such that, to the web servers, all traffic appears to be coming from CSS. This ensures that the entire flow passes through CSS.

If anyone knows of any issues with Raptor proxies or has other advice, I'd appreciate it.

Thanks,

Terry

pgolding · ‎09-21-2002

does the raptor support proxy of SSL? is the switch from port 80 to 443 a server redirect that the CSS can stick the session on?

CSS can not see host headers in SSL traffic, are you using a layer 5 rule for port 443 traffic? (ie you have url "

check this link for the only reliable way to make this work -

http://cco.cisco.com/warp/customer/117/converting_ssl_http.html

t.baranski · ‎09-23-2002

It doesn't seem as though there are any SSL issues with his proxy, as he can access the site fine when using an IP address (whether it be the server's real IP or the VIP). I put 'url "/*"' in the rule, thinking that this wouldn't cause any problems since it always matches.

The switch from 80 to 443 is done by CSS via a redirect service -- it redirects to https://(hostname). Your question makes me realize that I don't know if he's using SSL specifically or if he's being redirected from port 80. I'll have to have him try it both ways to see if the results differ.