Redirecting traffic based on source address on CSS11503

haver
Level 1

Hi all,

I need to redirect HTTP traffic originating from a specific range of IPs to a specific farm of HTTP servers. More specifically, I need requests coming to the CSS's outside VIP address on port 80/tcp to be redirected to the HTTP farm (2 boxes with RFC1918 addresses) on port 30084/tcp.

The trick is that this rule should only apply for a certain range of source IP addresses. The rest should be content switched normally. I.e. 80/tcp -> 80/tcp, etc.

Is this possible with an ACL or something similar?

I'm running WebNS 7.20 on a CSS11503.

Thanks,

haver

2 Replies

Gilles Dufour
Cisco Employee

You could create a 2nd VIP like x.x.x.x:81 and a service like

service redirect
  domain x.x.x.x:81
  type redirect
  keepalive type none
!

Under the VIP x.x.x.x:81, you configure the 2 services with private IP addresses and port 30084.

Then you create an ACL

acl 10
  clause 10 permit tcp destination content prefer redirect
  clause 99 permit any any destination any
  apply circuit-VLAN...

Don't forget you will need an ACL permit any any on all other interfaces to avoid blocking the rest of the traffic.

What this will do is tell the browser to close the current connection to vip:80 and reopen a new one to vip:81, and this will be load-balanced to the private servers.

Gilles.

Thanks for the tip Gilles.

However, it ain't gonna help in my case. I need the 'port redirecting/rewriting' stuff to be transparent for the end-users (which are actually WAP users). As far as I can see, my only option is to assign a second VIP address on the CSS and instruct these specific users to use that instead.

// haver
