Chapter 4 Configuring SSL Termination
Configuring Virtual SSL Servers for an SSL Proxy List
4-20
Cisco Content Services Switch SSL Configuration Guide
OL-5655-01
• redirect - The CSS sends connections of failed authentications to a
configured URL.
(config-ssl-proxy-list[ssl_list1])# ssl-server 20 failure redirect
To configure the URL where the CSS redirects the client connection, use the
ssl-server number failure-url command. Enter a URL with a maximum of
168 characters and no spaces. For example, to redirect the client connection
to URL www.service_css.com when client authentication fails, enter:
(config-ssl-proxy-list[ssl_list1])# ssl-server 20 failure-url
http://www.service_css.com
If you want to change an existing redirect URL, you must use the no
ssl-server number failure-url command to remove it, and then reissue the
ssl-server number failure-url command to configure the new URL. Note that
you must suspend an activated virtual SSL server before modifying it.
For example, to remove the URL, enter:
(config-ssl-proxy-list[ssl_list1])# no ssl-server 20 failure-url
Note Regardless of the failure settings, the CSS logs a client authentication failure as
an error message in syslog.
Configuring HTTP Header Insertion
During an SSL connection, a client may need to pass specific information to a
back-end server. HTTP header insertion allows the embedding of information into
an HTTP header during a client connection. For example, when a client connects
to the virtual SSL server and the CSS decrypts the data, the CSS can insert
information about the SSL session, and insert the client and server certificate into
the HTTP request header, and then pass the header to the back-end server.
Note HTTP header insertion only occurs on the first HTTP request for a persistent
HTTP 1.1 connection. Subsequent requests within the same TCP connection are
sent unmodified. For HTTP 1.0, in which persistence is not implemented, all
HTTP requests contain the inserted header.
To Next Page
Loading...
Need help?
General
