Specifying Secure Url Rewrite - Cisco 11503 - CSS Content Services Switch Configuration Manual

Content services switch ssl configuration guide

Chapter 4
Configuring SSL Termination
Configuring Virtual SSL Servers for an SSL Proxy List
The unclean-shutdown option for the ssl-server command instructs the CSS to
send only a TCP FIN message to terminate a client connection. The CSS does not
send a Close-Notify alert to close a client connection.
For example, to configure the CSS to send only a TCP FIN message to terminate
a client connection, enter:
(config-ssl-proxy-list[ssl_list1])# ssl-server 20 unclean-shutdown
The no version of this command resets the CSS default behavior of sending both
a Close-Notify alert and TCP FIN message to close the client connection. For
example, enter:
(config-ssl-proxy-list[ssl_list1])# no ssl-server 20 unclean-shutdown

Specifying Secure URL Rewrite

Client HTTPS connections can become HTTP connections when sent to a
back-end server through a virtual SSL server in the SSL proxy list. The back-end
server receives data as clear text from the client in the HTTP connection. If the
server performs an HTTP 300-series redirect to another HTTP URL, the redirect
causes the client to perform an HTTP request even though the client originally had
been performing an HTTPS request. Because the client's connection changes to
HTTP, the requested data may not be available from the server using a clear text
connection.
Note: Do not specify secure URL rewrite as a configuration parameter for the
virtual SSL server if you plan to include one or more back-end SSL servers in
the SSL proxy list (as described in the "Specifying the Nagle Algorithm for SSL
TCP Connections" section).
You can avoid problems with nonsecure HTTP redirects from the back-end server
by configuring one or more URL rewrite rules. Each rewrite rule is associated
with a virtual SSL server in the SSL proxy list. URL rewrite rules resolve the
problem of a web site redirecting the user to a nonsecure HTTP URL by rewriting
the domain from http:// to https://. By using URL rewrite, all client connections
to the Web server will be SSL, ensuring the secure delivery of HTTPS content
back to the client.
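The rewrite described above, sketched in Python as an added illustration; it is not code from this guide and not the CSS implementation. The rule table, host names, ports and function names are assumptions chosen for the example: a rule matches a host name and a clear-text port, and only 300-series responses whose Location points at a matching http:// URL are changed.

```python
from urllib.parse import urlsplit, urlunsplit

# Hypothetical rule table (assumption): hostname -> (clear-text port, SSL port).
REWRITE_RULES = {"www.example.com": (80, 443)}

# Constructed sample: a back-end redirect to a nonsecure URL.
SAMPLE = (b"HTTP/1.1 302 Found\r\n"
          b"Location: http://www.example.com/account?id=7\r\n"
          b"Content-Length: 0\r\n\r\n")

def rewrite_location(status, location, rules=REWRITE_RULES):
    """Return the Location value to send to the client."""
    if not 300 <= status <= 399:
        return location                      # only redirects are rewritten
    parts = urlsplit(location)
    if parts.scheme.lower() != "http" or not parts.hostname:
        return location                      # relative, already https, or other scheme
    if "@" in parts.netloc:
        return location                      # leave URLs carrying userinfo untouched
    rule = rules.get(parts.hostname)         # urlsplit lowercases the hostname
    if rule is None:
        return location                      # host not covered by any rule
    clear_port, ssl_port = rule
    try:
        port = parts.port or 80
    except ValueError:
        return location                      # malformed port: pass through
    if port != clear_port:
        return location
    netloc = parts.hostname if ssl_port == 443 else f"{parts.hostname}:{ssl_port}"
    return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))

def rewrite_response_head(head, rules=REWRITE_RULES):
    """Apply rewrite_location to the Location header of a raw response head."""
    lines = head.split(b"\r\n")
    status = int(lines[0].split()[1])
    out = [lines[0]]
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"location":
            new = rewrite_location(status, value.strip().decode("latin-1"), rules)
            line = b"Location: " + new.encode("latin-1")
        out.append(line)
    return b"\r\n".join(out)

if __name__ == "__main__":
    print(rewrite_response_head(SAMPLE).decode("latin-1"))
```

Redirects to hosts or ports without a rule pass through unchanged, so a redirect that still reaches the client as http:// indicates a missing rule.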
Cisco Content Services Switch SSL Configuration Guide
OL-5655-01
