Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
861
Views
0
Helpful
4
Replies

CSS11506 with Tomcat web server?

Go to solution
julxu
Level 1
Level 1

‎04-05-2008 01:45 AM

Basically, I use SSL termination on CSS's SSL module and it seems no work for the web server using tomcat. The tomcat server insists to use http, not https. (The server always indicate client to query a URL with http head, not a URL with https head.)

Is it possible to change the behavior from CSS? My configuration is:

ssl-proxy-list ssl-slot3

ssl-server 19

ssl-server 19 vip address 10.1.1.19

ssl-server 19 rsakey testRSAkey

ssl-server 19 rsacert testCAcert

ssl-server 19 cipher rsa-with-rc4-128-sha 10.4.98.19 81

service test-backendserver-8080

ip address 10.3.3.29

protocol tcp

port 8080

keepalive type tcp

keepalive port 8080

active

content ssl-test-rule

vip address 10.1.1.19

protocol tcp

port 443

add service ssl-slot3-srv

active

content ssl-test-rule2

vip address 10.2.2.19

protocol tcp

port 8080

add service test-backendserver-8080

balance leastconn

active

Any comments will be appreciated

Thanks in advance

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee

‎04-05-2008 06:23 AM

your tomcat server is either using absolute path (so link like http://.....) in this case the only thing you can do is modify the server, or the tomcat server is sending a redirect to the client to http://....

The SSL-mod can intercept the redirect and rewrite it to HTTPS.

You need to add a command 'ssl-server 19 urlrewrite 1 * sslport 443 clearport 8080'

A sniffer trace would tell you why the client keeps using http.

Gilles.

View solution in original post

0 Helpful

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee
In response to julxu

‎04-07-2008 01:34 AM

I do not see the benefit of doing backend ssl if the frontend is cleartext.

Unless the CSS is on the clientside and you want to go accross the internet to the server.

In this case, yes, backend ssl could be a solution.

But verify first with a sniffer trace what is going on.

Gilles.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee

‎04-05-2008 06:23 AM

your tomcat server is either using absolute path (so link like http://.....) in this case the only thing you can do is modify the server, or the tomcat server is sending a redirect to the client to http://....

The SSL-mod can intercept the redirect and rewrite it to HTTPS.

You need to add a command 'ssl-server 19 urlrewrite 1 * sslport 443 clearport 8080'

A sniffer trace would tell you why the client keeps using http.

Gilles.

0 Helpful

Go to solution
julxu
Level 1
Level 1
In response to Gilles Dufour

‎04-07-2008 01:15 AM

if it is absolute path, can I use backend-ssl configuration to achive L5 load balancing (with stickness)?

0 Helpful

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee
In response to julxu

‎04-07-2008 01:34 AM

I do not see the benefit of doing backend ssl if the frontend is cleartext.

Unless the CSS is on the clientside and you want to go accross the internet to the server.

In this case, yes, backend ssl could be a solution.

But verify first with a sniffer trace what is going on.

Gilles.

0 Helpful

Go to solution
julxu
Level 1
Level 1
In response to Gilles Dufour

‎04-16-2008 07:03 PM

Gilles, thousands thanks your help.

Tomcat's native behavior is to generate

absolute URL's on all redirects. And that cannot be changed.

To fix it is to change configuration on tomcat to treat CSS as a proxy server.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card