Re: CSS 11500 url path rewrite and NAT

astrand · ‎06-06-2005

Hi,

We are evaluating a CSS 11500 and try to configure url path rewrite and NAT, but we have some problems.

What we would like to do is the following:

http://www.example.com/path1 -> http://host1:80

http://www.example.com/path2 -> http://host1:8080

http://www.example.com/path3 -> http://host2:80

The address www.example.com is resolving to a valid internet address, whereas host1 and host2 resolves to private IP addresses.

The client should always see the external url (e.g. http://www.example.com/path1/...) and the CSS should do the necessary translation.

Any help would be very much appreciated!

Regards,

Harald

jfoerster · ‎06-06-2005

Hi Harlad,

this should work with Layer5 Rules. The only thing that will not work from my point of view is the fact that the service configuration is not possible with DNS-names (or in other words I never tried to do so). If you configure the IP-Addresses in the services on the CSS it is possible (3 services) and 3 Layer5 rules.

Kind Regards,

Joerg

Gilles Dufour · ‎06-07-2005

Joerg,

FYI, you can use hostname for creating services.

CSS11503(config-service[test])# ip address ?

Of the form a.b.c.d or host.domain.com

However, the CSS sends the DNS request only once.

If your server changes of ip address, you will need to reboot the CSS or reconfigure the service.

Gilles.

Gilles Dufour · ‎06-07-2005

Harald,

to complete the answer from Joerg, you can do the following

service host1-80

ip address host1

port 80

!

service host1-8080

ip address host1

port 8080

!

service host2-80

ip address host2

port 80

!

owner Mycompany

content rule1

vip address x.x.x.x

proto tcp

port 80

url "//path1/*"

add service host1-80

content rule2

vip address x.x.x.x

proto tcp

port 80

url "//path2/*"

add service host1-8080

<...>

Gilles.

astrand · ‎06-07-2005

I have configured the CSS as in your example, but unfortunately it does not work for me. I get the following translation

http://www.example.com/path1 -> http://host1/path1:80

http://www.example.com/path2 -> http://host1/path2:8080

instead of the one I would like:

http://www.example.com/path1 -> http://host1:80

http://www.example.com/path2 -> http://host1:8080

Is it possible to configure the CSS so that the initial path is removed from the url?

Below are two other examples of what I would like to accomplish that hopefully clearifies better:

http://www.example.com/path1/en/test.html -> http://host1/en/test.html:80

http://www.example.com/path2/fr/test2.html -> http://host1/fr/test2.html:8080

Thank you very much again for your help!

Regards,

Harald

jfoerster · ‎06-07-2005

HI Harald, HI Gilles,

from my point of view URL-rewriting is not supported on the CSS sofar. I've only seen URL-rewriting on the SCA/SSL-Module but this does not fit in this environment.

Gilles, thanks for correcting me I forgot the possibility of adding hostsnames because this is more or less as static as adding the IP-Address itself as the DNS-Request is not issued reguallary so the advantage of using DNS-Nmes is not that high to rember that possibility... ;-)

Kind Regards,

Joerg

Gilles Dufour · ‎06-08-2005

Joerg is correct.

You can't modify the url with the CSS.

The only way to do it would be to use a redirect.

By sending a redirect to the client, the CSS can replace the url with one that you configured.

However, this is not dynamic.

You can't extract part of the path and reuse it in your redirect.

Regards,

Gilles.

astrand · ‎06-28-2005

Will it be possible in future releases of the CSS to modify the url without using redirects?

Regards,

Harald

fajaredisyaputera · ‎07-01-2005

Hello Experts, I'm new with this cisco stuff too(just got it 3 weeks ago), but here is some of my experience with cisco css 11501.

First : Service ServerName, there is a port setting here, but from my experience, I think it is related with KeepAlive option, so, port is alternate way to know if the server alive or not.

Second : When you send request to cisco css, the port option in content port will be the cisco css port to accept request, so, if you send a request to http://vip:8080/, all service must be in the same port too to balance the request, in this case, port 8080, if one service port 80, i'm sure the css will not hit the server.

Third : To solve your problem...

http://www.example.com/path1 -> http://host1:80 (ipA)

http://www.example.com/path2 -> http://host1:80 (ipB)

http://www.example.com/path3 -> http://host2:80

if you are lazy to buy new nic, just set subinterface/ip alias on the host1, and make the webserver only bind to specific address, not to all interface...

O yea, about your path1/path2/path3 -> /, hmm, i'm still asking in this forum about path changing cause until now, i haven't know how to do this, i know about apache rewrite module, and success do this, if only i know about this in cisco css too :-(

I'm sorry if I make mistake, I'm just telling my experience...

Gilles Dufour · ‎07-02-2005

the port is being used for doing nat translation.

If your vip is on port 80 and your service on port 8080, it means the CSS will PAT (port address translation) from 80 to 8080 when sending traffic to the server.

The command 'keepalive port' is only used for the keepalive so.

Regarding the path, we can't modify it within the CSS.

The only way would be to intercept a specific path and send a redirect to the client to another path.

This is easily done with the redirect feature.

Regards,

Gilles.

[software developper for CSS and CSM :-) ]