Port 80 and 443 Content Rules with URLs specified: 80 works, 443 fails

alfiesummers
Level 1

I have an issue with two content rules balancing on ports 80 and 443. The port 80 rule works fine; however, the port 443 rule does not. If I remove the url "//webaddress.internal.domain.co.uk/*" statement from the port 443 rule or replace it with "/*", it works. The scenario is we have multiple sites hitting the same VIP but would like to send requests for specific sites to specific servers. This worked by adding the URL statement for port 80 but consistently failed on port 443!!

Thanks in advance for any help/ideas.

A quick summary of the rules is below.

content L3_dev_teddiesnurseries.co.uk
  add service SERVER01
  add service SERVER02
  vip address 10.0.0.1
  advanced-balance sticky-srcip
  protocol tcp
  port 80
  url "//www.website.domain.internal.co.uk/*"
  persistent
  active

----------------------------------------------

content L5_dev_teddiesnurseries.co.uk
  add service SERVER01
  add service SERVER02
  application ssl
  vip address 10.0.0.1
  advanced-balance sticky-srcip
  protocol tcp
  port 443
  url "//www.website.domain.internal.co.uk/*"
  persistent
  active

2 Replies

Gilles Dufour
Cisco Employee

Encrypted traffic can't be seen by the CSS or any device other than the destination.

Therefore, the CSS can't see the url for HTTPS traffic.

The solution is to use an ssl-offloader so the traffic is decrypted before it gets to the CSS.

Gilles.

jbillups
Level 1

The problem that you are having is that 443 traffic is encrypted and your load balancer has no visibility into the url.
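
The behaviour both replies describe, as an added example that is not part of any poster's message and is not CSS code: a sketch of what a URL-matching rule has to work with on each port. The function names, the sample flows and the treatment of a bare "/*" pattern are assumptions made for this illustration; the url pattern is the one from the question.

```python
import fnmatch

# Constructed sample: first bytes of a plaintext HTTP flow arriving on port 80.
HTTP_FLOW = (b"GET /index.html HTTP/1.1\r\n"
             b"Host: www.website.domain.internal.co.uk\r\n\r\n")
# Constructed sample: TLS handshake record header plus zero filler standing in
# for a ClientHello body (not a captured packet), as seen on port 443.
TLS_FLOW = b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x03" + bytes(40)


def visible_url(first_bytes):
    """Return '//host/path' if the flow opens with a readable HTTP request, else None."""
    # A TLS record starts with content type 0x16 (handshake) and major version 3;
    # everything the client sends after the handshake is ciphertext.
    if len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return None
    head = first_bytes.partition(b"\r\n\r\n")[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            host = value.strip().lower().split(":")[0]  # drop any :port suffix
            return "//" + host + parts[1]
    return None


def rule_matches(url_pattern, first_bytes):
    """Hypothetical matcher: does a content rule's url pattern select this flow?"""
    if url_pattern == "/*":
        # Assumption of this sketch: a bare wildcard needs nothing from the
        # payload, which is consistent with "/*" working on 443 in the question.
        return True
    url = visible_url(first_bytes)
    if url is None:
        return False  # nothing to compare against: the rule can never hit
    if not url_pattern.startswith("//"):
        url = "/" + url[2:].partition("/")[2]  # path-only pattern: ignore host
    return fnmatch.fnmatchcase(url, url_pattern)
```

With the host-qualified pattern the HTTP flow matches and the TLS flow does not, which is the 80-works, 443-fails result from the question; once the traffic is decrypted ahead of the rule, the same matcher sees the HTTP flow again.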