SSL CSM Issue

mark.hansel
Level 1

I'm having an issue with an SSL-Proxy and CSM Module configuration. I'm terminating HTTPS connections on the SSL-Module. The back-end server is IIS (Windows 2003). This particular server has a number of web applications located in directories "beneath" the root web.

The problem appears to be related to default documents configured on the IIS Web Server. The SSL connection will not work unless the client browser URL includes a trailing "/". For instance, if I use the URL HTTPS://10.0.1.1/mp it doesn't find the default document; however, it works if I use the URL HTTPS://10.0.1.1/mp/. The trailing slash is not required for non-SSL connections, i.e. http://10.0.1.1/mp works just fine.

The SSL-Proxy module is running 2.1(2) software.

Accepted Solutions

Gilles Dufour
Cisco Employee

I would suggest capturing a trace when using HTTP [not SSL] and verifying whether the server redirects the client to the correct URL [with trailing '/'].

Capture another trace on the server when using the SSL module.

Try to see the difference.

If there is a redirect, you will need a urlrewrite function to rewrite the URL contained in the redirect.

Thanks,

Gilles.

2 Replies
Gilles,

Just wanted to let you know that I discovered the problem using the method that you suggested and you were exactly correct. IIS handles a missing trailing "\" by responding with an "HTTP 301" error letting the browser know that the link has been permanently moved and adds the trailing slash. I added an HTTP re-write statement and solved the problem.
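
The rewrite discussed in this thread, sketched as an added example (not code from the thread or from Cisco). It assumes the 301 from IIS carries an absolute `http://` Location, since a server behind an SSL terminator only sees clear-text requests; the function names, port defaults and sample responses are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def rewrite_location(location, protected_hosts, clear_port=80, ssl_port=443):
    """Rewrite an absolute http:// redirect target to https:// when it points
    at a host that sits behind the SSL terminator; leave everything else."""
    parts = urlsplit(location)
    if parts.scheme.lower() != "http":
        return location                      # relative, already https, or other scheme
    host = (parts.hostname or "").lower()
    port = parts.port or 80
    if host not in protected_hosts or port != clear_port:
        return location                      # third-party redirect: do not touch
    netloc = host if ssl_port == 443 else f"{host}:{ssl_port}"
    return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))

def process_response(status, headers, protected_hosts):
    """Apply the rewrite to a backend response (headers given as a dict)."""
    out = dict(headers)
    if status in REDIRECT_CODES:
        for name in out:
            if name.lower() == "location":   # header names are case-insensitive
                out[name] = rewrite_location(out[name], protected_hosts)
    return status, out

# Constructed sample: what the back-end returns for GET /mp (no trailing slash)
# when the request reached it in clear text from the SSL terminator.
BACKEND_301 = (301, {"Location": "http://10.0.1.1/mp/", "Content-Length": "0"})
PROTECTED = {"10.0.1.1"}

if __name__ == "__main__":
    status, headers = process_response(*BACKEND_301, PROTECTED)
    print(status, headers["Location"])
```

Without the rewrite, the browser follows the redirect to port 80 in clear text, so the same check is useful in a trace review: any 3xx seen on the HTTPS side whose Location starts with `http://` and names a protected host is a scheme downgrade.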