Showing results for 
Search instead for 
Did you mean: 

CSS strange behaviour with SSL VIP and host headers inc a port


Hi all,

I had the below config in place so TCP 443 traffic terminated on and unencrypted traffic was sent onto backend servers via a content rule setup to listen on TCP 80 for IP address

ssl-server 190

ssl-server 190 rsakey mysecurecert_key

ssl-server 190 rsacert mysecurecert_cert

ssl-server 190 cipher rsa-with-rc4-128-md5 80 weight 5

ssl-server 190 cipher rsa-with-rc4-128-sha 80 weight 4

ssl-server 190 vip address

If i used a browser and connected to the VIP then all was good and everything worked as expected. However we have an application that specifies the port along with the host in the HTTP host header so rather than Host: it would have Host:

For whatever reason when the host header has the port appended things brake and i'm not sure what the CSS does but the backend servers never receive any traffic. From the client end it seems to go through the client/server hello and at least sends the HTTPS request.

To fix this, i just changed the to be so the VIP was the same as the back-end content rule IP used with the cipher suite.

More out of curiosity than anything but is this a known bug or by design? I'm not sure why having the SSL VIP being different to the backend content rule IP would allow HTTP requests with just the host in the host header and not when there is a port appended ?


1 Reply 1

Cesar Roque

Hi Scott,

Do you have a showtech of the CSS with the previous configuration???


Cesar R

--------------------- Cesar R ANS Team
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: